EUVD-2023-52323
Malicious code in bioql PyPI...
CVE-2025-27914
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting XSS vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...
CVE-2024-51723
CVE-2024-51723 – BlackBerry AtHoc: A Stored XSS in the Management Console of AtHoc version 7.15 could allow an attacker to execute actions in the context of the victim's session. Public details in PT-2024-34870 specify the vulnerable component as the Management Console and confirm the issue as a...
CVE-2024-45514
Summary: CVE-2024-45514 affects Zimbra Collaboration (ZCS) Webmail; a Cross-Site Scripting (XSS) flaw arises from insufficient sanitization of the packages parameter in one endpoint. Attackers can bypass checks by using encoded characters to inject and execute JavaScript in a victim’s session. Wh...
CVE-2024-45511
CVE-2024-45511 affects Zimbra Collaboration (ZCS) up to 10.1, via the Briefcase module. The root cause is improper sanitization of file contents by the OnlyOffice formatter, allowing a crafted URL to a shared folder containing a malicious file to execute arbitrary JavaScript in the victim’s sessi...
CVE-2024-27443
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...
CVE-2024-27443
CVE-2024-27443 affects Zimbra Collaboration (ZCS) 9.0 and 10.0, with a cross-site scripting flaw in the CalendarInvite feature caused by improper input validation of the calendar header. An attacker can embed a payload in a crafted calendar header sent via email; when a recipient views the messag...
CVE-2023-48258
The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session...
CVE-2023-48255
The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log...
CVE-2023-48248
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...
Code injection
The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...
All-in-One WP Migration < 7.63 - Unauthenticated Reflected XSS
The plugin uses the wrong content type for, and does not properly escape, the response from the ai1wmexport action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response that will be executed in the victim's session. Po...
CVE-2018-1000847
FreshDNS version 1.0.3 and prior contains a Cross-Site Scripting (XSS) vulnerability in the Account data form and Zone editor that can result in execution of the attacker's JavaScript code in the victim's session. This attack appears to be exploitable via the attacker storing a specially crafted string as their Ful...
CubeCart 5.2.8 - Session Fixation
No description provided by source. Exploit Title: CubeCart 5.2.8 Session Fixation Exploit Author: James Sibley absane Blog: http://www.pentester.co Download link: http://www.cubecart.com/download/5.2.8/zip Discovery date: March 14th, 2014 Vendor notified: March 15th, 2014 Vendor fixed: April 10th...