
65 matches found

Nuclei
added yesterday | 29 views

Microweber <1.2.12 - Stored Cross-Site Scripting

Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unrestricted upload of XML files,. id: CVE-2022-0963 info: name: Microweber 1.2.12 - Stored Cross-Site Scripting author: amit-jd severity: medium description: | Microweber prior to 1.2.12 contains a stored...

CVSS 5.7 | AI score 6 | EPSS 0.08256
Exploits 1 | References 5
Snyk
added 2025/12/30 7:41 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the XML file upload. An attacker can execute arbitrary JavaScript in the context of an administrator's browser session by uploading a crafted XML file containing malicious code, which is rendered without...

CVSS 5.4 | AI score 5.5 | EPSS 0.00019
Exploits 2 | References 2
CVE
added 2025/12/30 7:23 p.m. | 7 views

CVE-2025-69210

FacturaScripts is affected by CVE-2025-69210: a stored XSS via the product file upload feature exists in versions prior to 2025.7. Authenticated users can upload crafted XML files containing executable JavaScript; these files are rendered without sufficient sanitization or content-type enforcemen...

CVSS 5.4 | AI score 5.8 | EPSS 0.00019
Exploits 2 | References 3 | Affected Software 1
Vulnrichment
added 2025/12/30 7:23 p.m. | 2 views

CVE-2025-69210 FacturaScripts vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...

CVSS 5.1 | AI score 5.8 | EPSS 0.00019
Exploits 2 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 19 views

EUVD-2018-20548

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00622
Exploits 2 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2012-2236

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.0063
Exploits 0 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-31264

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00052
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-31263

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00171
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-31265

Malicious code in bioql PyPI...

CVSS 4.7 | AI score 6.6 | EPSS 0.00092
Exploits 1 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-7778

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.5 | EPSS 0.00349
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-31262

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00098
Exploits 0 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-7571

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.6 | EPSS 0.00168
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-6991

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.7 | EPSS 0.00353
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-29491

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.8 | EPSS 0.00237
Exploits 1 | References 1
VulnCheck KEV
added 2025/07/21 12:0 a.m. | 11 views

VulnCheck KEV: CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure...

CVSS 7.5 | AI score 5.7 | EPSS 0.60091
In wild | Exploits 4 | References 82
NVD
added 2025/07/16 10:15 p.m. | 3 views

CVE-2025-34129

A command injection vulnerability exists in LILIN Digital Video Recorder DVR devices prior to firmware version 2.0b6020200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicio...

CVSS 8.7 | EPSS 0.01066
Exploits 0 | References 3
RedhatCVE
added 2025/05/23 5:13 a.m. | 9 views

CVE-2023-41369

The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow do...

CVSS 4.3 | AI score 6.8 | EPSS 0.00109
Exploits 0 | References 1
RedhatCVE
added 2025/05/22 6:32 p.m. | 7 views

CVE-2021-31339

A vulnerability has been identified in Mendix Excel Importer Module All versions V9.0.3. Uploading a manipulated XML File results in an exception that could expose information about the Application-Server and the used XML-Framework...

CVSS 4.3 | AI score 6.5 | EPSS 0.00178
Exploits 0 | References 1
Cvelist
added 2025/03/18 11:28 a.m. | 13 views

CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center

Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...

CVSS 5.3 | EPSS 0.00168
Exploits 0 | References 1
Vulnrichment
added 2025/03/18 11:28 a.m. | 10 views

CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center

Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...

CVSS 5.3 | AI score 5.6 | EPSS 0.00168
Exploits 0 | References 1