HSC MailInspector Cross-Site Scripting Vulnerability
HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user inputs withi...
HSC MailInspector Cross-Site Scripting Vulnerability
HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains a cross-site scripting vulnerability. This vulnerability arises from the use of alternative or obfuscated JavaScript syntax in user-controlled...
WordPress plugin SlimStat Analytics Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2024-23511 WordPress The Plus Addons for Elementor plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.3.3...
PT-2026-1283
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor Page Builder Lite versions through 5.3.3. Description: The Plus Addons for Elementor Page Builder Lite is susceptible to a DOM-Based Cross-site Scripting issue due to improper input neutralization during web page...
CVE-2025-61950
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With a crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...
CVE-2025-53523
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...
CVE-2025-58576
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...
CVE-2025-54407
CVE-2025-54407 is a stored cross-site scripting vulnerability affecting GroupSession Free edition prior to 5.3.0, GroupSession byCloud prior to 5.3.3, and GroupSession ZION prior to 5.3.2. The published descriptions state that if a user accesses a crafted page or URL, an arbitrary script may be e...
PT-2025-50875
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authorization check is improperly implemented. With a crafted request, a logged-in user may alter the memo field. The affected products and versions are GroupSession Free edition prior to ver5.3.0,...
CVE-2025-3222 Smallworld SWMFS Improper Authentication
Improper Authentication vulnerability in GE Vernova Smallworld on Windows and Linux allows Authentication Abuse. This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4 and prior versions for Windows...
Django TomSelect incomplete escaping of dangerous characters in widget attributes
Summary: User supplied values passed through to certain attributes in form widgets are not fully escaped for potentially dangerous tokens, and in some cases are rendered in the browser as valid HTML tags. Details: Attributes passed to the widget such as labelfield containing , and similar tokens are no...
CVE-2025-25222
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...
CVE-2025-25221
The LuxCal Web Calendar prior to 5.3.3M MySQL version and prior to 5.3.3L SQLite version contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved...
PT-2024-22462 · Unknown · Niushop B2B2C
Name of the Vulnerable Software and Affected Versions: Niushop B2B2C versions 5.3.3 and earlier. Description: A SQL injection issue allows an attacker to escalate privileges via the setPrice function of the Goodsbatchset.php component. The vulnerability is critical and can be exploited to gain...
SUSE CVE-2023-41334
Astropy is a project for astronomy in Python that fosters interoperability between Python astronomy packages. Version 5.3.2 of the Astropy core package is vulnerable to remote code execution due to improper input validation in the TranformGraph.todotgraph function. A malicious user can provide a...
CVE-2023-45585
An insertion of sensitive information into log file vulnerability CWE-532 in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, versi...
GHSA-RC4V-99CR-PJCM Prototype Pollution in ali-security/mongoose
Impact: This vulnerability causes a Prototype Pollution in document.js, through functions such as findByIdAndUpdate. For applications using Express and EJS, this can potentially allow remote code execution. Patches: The original patched version for mongoose 5.3.3 did not include a fix for...
Atlassian Jira Service Management 5.5.0 < 5.3.3 Critical Authentication Vulnerability
According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 5.3.0 prior to version 5.3.3, 5.4.0 prior to 5.4.2 or 5.5.0 prior to 5.3.3. It is, therefore, affected by a critical authentication vulnerability which allows a...
Race Condition
Overview: audited is a logging module for ORM models. Affected versions of this package are vulnerable to a Race Condition involving Thread.current which, in certain setups with threaded web servers, can log the wrong username in an audit log. Remediation: Upgrade audited to version 5.3.3 or higher...