38 matches found
EUVD-2017-1242
Malware in sbrugna...
EUVD-2021-25059
Malware in sbrugna...
CVE-2025-23366
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...
Cross-Site Scripting (XSS)
netcarver/textile is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...
CVE-2024-3576
The NPort 5100A Series firmware version v1.6 and prior versions are affected by a web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and...
CVE-2024-3576
CVE-2024-3576 affects MOXA NPort 5100A Series firmware v1.6 and earlier. The root cause is failure to properly neutralize user-controllable input in the device’s web server output, enabling a cross-site scripting (XSS) condition. Impact per sources: potential disclosure of sensitive information a...
Cross-site Scripting
gitlab:sid is vulnerable to cross-site scripting. The vulnerability is due to the manipulation of an unknown input in the Jira integration configuration in GitLab CE/EE, which does not neutralize user-controllable input before it is placed in output. This leads to cross-site scripting by allowing an attacker ...
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
An issue was found in the redirecturi validation logic that allows for a bypass of otherwise explicitly allowed hosts. The problem arises in the verifyRedirectUri method, which attempts to enforce rules on user-controllable input, but essentially causes a desynchronization in how Keycloak and...
Cross-site Scripting (XSS)
github.com/answerdev/answer is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of validation of user-controllable input in markdown.go, which allows an attacker to inject and execute malicious JavaScript in the browser...
Stored XSS @ updatecategory
Description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Code That has a Vulnerability: // Updates an existing category if $action === 'updatecategory' &&...
Cross-Site Scripting (XSS)
org.apache.isis is vulnerable to cross-site scripting. The vulnerability exists in multiple functions due to incorrectly neutralized user-controllable input allowing an attacker to inject and execute malicious JavaScript...
CVE-2022-28598
Frappe ERPNext 12.29.0 is vulnerable to XSS, where the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users...
Input validation
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage...
CVE-2021-42535 VISAM VBASE Editor Cross Site Scripting
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage...
Elcomplus LLC SmartICS Cross-Site Scripting Vulnerability
Elcomplus LLC SmartICS is a builder of top-level visualizations for industrial automation systems from Elcomplus LLC. A cross-site scripting vulnerability exists in Elcomplus LLC SmartICS. The vulnerability stems from a failure to neutralize user-controllable input and can be exploited by an...
Cross-site Scripting (XSS) - Stored
Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - it works on Firefox, not in Chromium-based browsers - login as admin - go to...
categoly Cross-site Scripting (XSS) - Stored
Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept 1. Create a new user, add a category and add the XSS payload" onClick="alert1" 2. Search user. 3. Click...
Cross-site Scripting (XSS) - Stored
Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept Add Item,And name is payload alertlocation...
Cross-site Scripting (XSS) - Stored
Description The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept - login as an admin - go to...
Deserialization of Untrusted Data in SinGooCMS.Utility
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatt...