EUVD-2025-28766

Malicious code in bioql PyPI...

Responsive Pricing Table < 5.1.11 - Author+ Stored XSS

Description The plugin does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embed, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks - Create a new Pricing Table...

CVE-2021-43657

A Stored Cross-site scripting XSS vulnerability via MAster.php in Sourcecodetester Simple Client Management System SCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the vulnerable input fields...

Stored XSS in "Name", "Group Name" & "Title"

Description The application allows img tag & src attribute in "Name","Title" & "Group Name" fields for which attackers can perform stored cross-site scripting. Proof of Concept 1.Login to the application and go to profile. 2.Now in the "Name" input field paste the below payload and click on "SAVE...

CityBook < 2.3.4 - Multiple Vulnerabilities

Multiple vulnerabilities was discovered in the 'CityBook - Directory & Listing WordPress Theme', tested version — v2.3.3: - Unauthenticated Reflected XSS - Authenticated Persistent XSS - IDOR Edit WPScanTeam: December 27h, 2019 - Envato Contacted January 6th, 2020 - Envato Investigating January...

InJob < 3.3.8 - Reflected & Persistent XSS

Multiple XSS vulnerabilities have been founded in the 'InJob | Multi-purpose for recruitment WordPress Theme' theme v3.3.6. Edit WPScanTeam: September 16th, 2019 - Envato Contacted September 16th, 2019 - v3.3.7 released. XSS still present October 11th, 2019 - Envato contacted again for updates...

Reality < 2.4.0 - Multiple Persistent XSS

----- Persistent XSS on any property page: ----- Vulnerable input fields: 1 - Description & Price - 'PRICE POSTFIX TEXT' and 'SECOND PRICE POSTFIX TEXT'; 2 - Additional Information - 'TITLE' and 'VALUE'; 3 - Location & Map - 'ADDRESS '. Payload Sample: ----- Persistent XSS on user profile page:...

Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection

Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...

Supr Shopsystem 5.1.0 - Persistent UI Vulnerability

Exploit for php platform in category web applications Product & Service Introduction: =============================== SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. Without installation and own webspace you can begin to...