53 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the XML file upload. An attacker can execute arbitrary JavaScript in the context of an administrator's browser session by uploading a crafted XML file containing malicious code, which is rendered without...
CVE-2025-69210
FacturaScripts is affected by CVE-2025-69210: a stored XSS via the product file upload feature exists in versions prior to 2025.7. Authenticated users can upload crafted XML files containing executable JavaScript; these files are rendered without sufficient sanitization or content-type enforcemen...
EUVD-2018-20548
Malware in sbrugna...
EUVD-2012-2236
Malware in sbrugna...
EUVD-2022-7778
Malicious code in bioql PyPI...
EUVD-2022-29491
Malicious code in bioql PyPI...
EUVD-2025-6991
Malicious code in bioql PyPI...
EUVD-2025-7571
Malicious code in bioql PyPI...
EUVD-2024-31265
Malicious code in bioql PyPI...
EUVD-2024-31264
Malicious code in bioql PyPI...
EUVD-2024-31263
Malicious code in bioql PyPI...
EUVD-2024-31262
Malicious code in bioql PyPI...
CVE-2025-34129
A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...
CVE-2021-31339
A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...
CVE-2025-2495
The CVE-2025-2495 issue affects Softdial Contact Center (Sytel Ltd.). It is a stored XSS vulnerability where an attacker can upload XML files via /softdial/scheduler/save.php; the injected JavaScript executes when the file is loaded through /softdial/scheduler/load.php, enabling potential redirec...
CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the "/softdial/scheduler/save.php" resource. The injected code will execute when the uploaded file is loaded via the...
CVE-2024-33526
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or HTML via XML file upload...
CVE-2024-33528
A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...
CVE-2024-33525
A Stored Cross-site Scripting (XSS) vulnerability in the "Import of organizational units and title of organizational unit" feature in ILIAS 7.20 to 7.29 and ILIAS 8.4 to 8.10 as well as ILIAS 9.0 allows remote authenticated attackers with administrative privileges to inject arbitrary web script or...