13 matches found
EUVD-2025-202478
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64802
CVE-2025-64802 affects Adobe Experience Manager 6.5.23 and earlier with a stored XSS in vulnerable form fields. A low-privileged attacker could inject malicious scripts, which are executed in a victim’s browser upon visiting the affected page. Connected sources corroborate the stored XSS vector a...
EUVD-2012-0830
Malware in sbrugna...
EUVD-2022-5568
Malicious code in bioql PyPI...
CVE-2025-47040
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2021-38145
An issue was discovered in Form Tools through 3.0.20. SQL Injection can occur via the exportgroupid field when a low-privileged user client tries to export a form with data, e.g., manipulation of modules/exportmanager/export.php?exportgroupid=1group1results=alltypeid=1...
CVE-2025-23736 WordPress Form To JSON plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webgdawg Form To JSON form-to-json allows Reflected XSS. This issue affects Form To JSON: from n/a through = 1.0...
PT-2023-9638 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 versions up to 9.3.5u.6369. Description: A critical issue is related to the authorization procedure, specifically with the handling of the authCode parameter. This can allow a remote attacker to bypass security restrictions. The...
S-CMS Cross-Site Scripting Vulnerability
S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. /app/formadd/ in S-CMS 3.0 has a stored cross-site scripting vulnerability that can be exploited to execute arbitrary web scripts or HTML via the title entry text bo...
PT-2019-13643 · WordPress · Email Subscribers & Newsletters
Name of the Vulnerable Software and Affected Versions: Email Subscribers & Newsletters plugin version 4.1.6. Description: The issue allows an attacker to inject malicious JavaScript code through a publicly available subscription form. This is achieved by exploiting the esfpx name parameter in the...
Faraday v3.5 - Collaborative Penetration Test and Vulnerability Management Platform
Here are the main new features and improvements in Faraday v3.5. New vulnerability form: We are happy to introduce our new vulnerability form, which makes the creation and editing of vulnerabilities easier. The new form brings you tabs to make it smaller and group different fields. Custom fields: Add...
CVE-2017-6067
Symphony 2.6.9 has XSS in publish/notes/edit//saved/ via the bottom form field...
idev-WebsiteBuilder 1.0 CSRF Vulnerability
Exploit for php platform in category web applications. Application Name: idev-WebsiteBuilder 1.0; Vulnerable Type: CSRF; Demo: http://idevspot.com/demos/idev-websitebuilder/admin; Author: Jonturk75; Greetz: Inj3ct0r Exploit DataBase 1337day.com 0day.today 2018-04-09...