278 matches found
EUVD-2022-25216
Malicious code in bioql PyPI...
EUVD-2022-4044
Malicious code in bioql PyPI...
EUVD-2022-41362
Malicious code in bioql PyPI...
EUVD-2024-52234
Malicious code in bioql PyPI...
EUVD-2023-50146
Malicious code in bioql PyPI...
CVE-2025-32019
Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...
Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting (XSS)
Titles: Microsoft Edge Windows 10 Version 1511 - Cross Site Scripting XSS Author: nu11secur1ty Date: 2025-07-18 Vendor: Microsoft Software: Microsoft Edge Browser Reference: https://www.cve.org/CVERecord?id=CVE-2015-6176 !/usr/bin/python nu11secur1ty CVE-2015-6176 import http.server import...
Exploit for Cross-site Scripting in Campcodes Online_Movie_Theater_Seat_Reservation_System
XSS Exploit for CVE-2025-7840 Author: Byte Reaper @ByteR...
Exploit for CVE-2025-0133
mitsecvpnxssexploit 🔓 Exploit for GlobalProtect SSL VPN en...
PT-2025-24500 · Unknown · Silverpeas
Name of the Vulnerable Software and Affected Versions: Silverpeas version 6.4.2 Description: The issue is a stored cross-site scripting XSS vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an...
CVE-2023-26059
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zon...
CVE-2023-41896
Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected authcallback=1, which is leveraged by the WebSocket authentication logic in tandem with the state parameter. The state parameter contains the hassUrl, which is...
CVE-2023-47258
Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter...
CVE-2023-37067
Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section...
CVE-2021-32798
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
CVE-2020-13239
The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS...
CVE-2020-17551
ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution...
CVE-2018-5667
An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnuusernamevalidationpattern parameter...
CVE-2019-19679
In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action for a new Test Issue...
CVE-2019-1010005
HexoEditor v1.1.8-beta is affected by: XSS to code execution...