6 matches found
EUVD-2019-20167
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...
Cross-site Scripting (XSS)
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the workflow UI View Messages feature in the admin panel. An attacker can execute arbitrary JavaScript in the context of an administrator's browser by injecting a specially...
GHSA-964P-J4GG-MHWC Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Summary: A stored Cross-Site Scripting (XSS) vulnerability in FlowiseAI allows a user to inject arbitrary JavaScript code via message input. When an administrator views messages using the "View Messages" button in the workflow UI, the malicious script executes in the context of the admin’s browser,...
Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel
Summary: A stored Cross-Site Scripting (XSS) vulnerability in FlowiseAI allows a user to inject arbitrary JavaScript code via message input. When an administrator views messages using the "View Messages" button in the workflow UI, the malicious script executes in the context of the admin’s browser,...
EUVD-2025-32377
Malicious code in bioql PyPI...
Rocket.Chat Elevation of Privilege Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an elevation of privilege vulnerability that stems from improper privilege management in the application, which can be exploited by any authenticated attacker to gain elevated privileges to view direct messages without proper...