14 matches found

Snyk
added 2026/03/16 12:24 a.m., 3 views

Malicious Package

Overview @vtim/xss-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/03/16 12:24 a.m., 6 views

Malicious code in @vtim/xss-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...

5.7 AI score
Exploits: 0, References: 1

OSV
added 2026/03/16 12:24 a.m., 4 views

MAL-2026-1440 Malicious code in @vtim/xss-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 947e0af0661087703ab13fc4220ceff05dafffb94addd8243f90a86929beaf3c The package @vtim/xss-poc was found to contain malicious code. Source: ghsa-malware 20e54e730a6708f44f0828a03bf7ac5c9fb2c88074659d45570d90af289eca84...

5.7 AI score
Exploits: 0, References: 1

wpexploit
added 2024/05/17 12:0 a.m., 165 views

Logo Slider < 4.0.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 1. Using a contributor account, add a Logo Slider using the Shortco...

8.3 AI score, 0.00295 EPSS
Exploits: 1

wpexploit
added 2024/04/03 12:0 a.m., 252 views

Floating Chat Widget < 3.1.9 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup 1. Go to "Chaty New Widget" 2. Create ...

5.7 AI score, 0.00394 EPSS
Exploits: 2, References: 1

Hacker One
added 2022/06/29 5:19 p.m., 17 views

Radancy: Admin account/panel takeOver and Doing actions in admin panel via DOM-based XSS

Hello team, I found Dom-XSS in your https://████████/ Webmail Admin Panel that lets an attacker steal admin sensitive info and do any action in your webmail admin panel. Why and how this vulnerability happens: - if you reviewed the source code of this endpoint of the admin panel "...

6.8 AI score
Exploits: 0

Hacker One
added 2020/11/22 4:36 p.m., 19 views

Automattic: [intensedebate.com] XSS Reflected POST-Based on update/tumblr2/{$id}

Summary: Hello, I have found an XSS Reflected POST-Based on https://www.intensedebate.com/update/tumblr2/$id. The parameter $_POST['txtCode'] is reflected and is not sanitized. To trigger the XSS an attacker needs to create a site and invite the victim to their own site and give them full permissions...

0.4 AI score
Exploits: 0

Packet Storm
added 2016/11/08 12:0 a.m., 26 views

NodCMS Cross Site Request Forgery

Exploit Title : nodcms Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : - Date : 29/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.nodcms.com/en Software link : https://github.com/khodakhah/nodcms/archive/master.zip CSRF PoC create User:...

0.4 AI score
Exploits: 0

Packet Storm
added 2013/11/04 12:0 a.m., 35 views

Horde 5.1.2 Cross Site Request Forgery / Cross Site Scripting

Exploit Title : CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/28/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, se...

3.4 CVSS, 6.9 AI score, 0.02084 EPSS
Exploits: 6

Packet Storm
added 2012/08/18 12:0 a.m., 24 views

Hivemail Webmail 1.41F Build 103 Cross Site Scripting

#!/usr/bin/python ''' Exploit Title: Hivemail Webmail Multiple Stored XSS issues Date: 16/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.hivemail.com/ Software Link: http://www.hivemail.com/data/HM141F103.rar Version: 1.41F Build 103 Gr33Tz: @aviadgolan , @benhayak,...

Exploits: 0

Packet Storm
added 2011/12/03 12:0 a.m., 33 views

WSN Classifieds 6.2.12 / 6.2.18 Cross Site Scripting / SQL Injection

Exploit Title: WSN Classifieds v.6.2.12 & 6.2.18 Multiple Vulnerabilities Script Page : http://www.wsnclassifieds.com Date: 1-12-2011 Author : RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Tested on: Windows XP & Vista IE9 - Firefox 8.0 Note: Redirect and Html Injection can ...

0.3 AI score
Exploits: 0

Packet Storm
added 2011/07/19 12:0 a.m., 42 views

WordPress bSuite 4.0.7 Cross Site Scripting

Original advisory: http://www.ihteam.net/advisory/bsuite-wordpress-permanent-xss/ WordPress bSuite Add Admin Download link: http://wordpress.org/extend/plugins/bsuite/ Author contact: 29/06/2011 POC published: 11/07/2011 Plugin is out-of-date, last update on 2009, so this is just a POC that show...

7.4 AI score
Exploits: 0

securityvulns
added 2006/11/09 12:0 a.m., 42 views

FreeWebshop <=2.2.2 [local file include & xss]

FreeWebshop <=2.2.2 severity: high vendor site: http://www.freewebshop.org/ impact: an anonymous user can access any file on the remote server PoC : http://site.com/?page=../../../../../../../../../../etc/passwd00 http://site.com/index.php?page=../../../../../../../../../../etc/passwd00 xss get :...

0.4 AI score
Exploits: 0

securityvulns
added 2006/06/09 12:0 a.m., 31 views

Ez Ringtone Manager from scriptez.net - XSS

Ez Ringtone Manager Homepage: http://www.scriptsez.net Affected files: player.php search input box. XSS Vulnerabilities: http://example.com/ringtones/player.php?action=preview&id=SCRIPT20SRC=http://evilsite.com/xss.js/SCRIPT&cat=LG20Mobiles The search box doesn't properly filter user input. Tags...

7.2 AI score
Exploits: 0