Adobe Experience Manager cross-site scripting vulnerability (CNVD-2026-13947)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14287)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14285)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the NTPSERVER parameter of the time.cgi...

CVE-2025-56605

A reflected Cross-Site Scripting XSS vulnerability exists in the register.php backend script of PuneethReddyHC Event Management System 1.0. The mobile POST parameter is improperly validated and echoed back in the HTTP response without sanitization, allowing an attacker to inject and execute...

PT-2026-22084

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.49 Description The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary...

LinkAce 安全漏洞

LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce 2.4.2 and earlier contained a security vulnerability; this vulnerability stemmed from a storage-type cross-site scripting vulnerability in the list’s Atom...

DOJO Cross-Site Scripting Vulnerabilities

DOJO is a JavaScript toolkit open source by pwn.college. pwn.college’s DOJO has a cross-site scripting vulnerability; this vulnerability stems from the lack of sandbox isolation, which may lead to sandbox escape and arbitrary JavaScript execution...

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-10668)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A cross-site scripting vulnerability exists in MedDream PACS Premium and is caused by improper validation of user-supplied input by the Modify Anonymization feature. An attacker could exploit the...

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-54852

A reflected cross-site scripting xss vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54495

A reflected cross-site scripting xss vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54157

A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54157

A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-53516

A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54157

A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54157

Summary (CVE-2025-54157): Cisco Talos reports a post-authentication, reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the encapsulatedDoc.php path. A crafted URL can cause arbitrary JavaScript execution, potentially affecting users who can access th...

CVE-2025-46270

Talos reports MedDream PACS Premium 7.3.6.870 contains a post-authenticated reflected XSS in Pacs/fetchPriorStudies.php, triggered by a crafted uid URL parameter. The vulnerability can cause arbitrary JavaScript execution in the attacker’s browser when the vulnerable page outputs unsanitized uid ...

CVE-2025-55071

A reflected cross-site scripting xss vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-54852

CVE-2025-54852 is a pre-authenticated, reflected cross-site scripting (XSS) vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the modifyAeTitle.php script. A crafted URL with an unsanitized title parameter can cause arbitrary JavaScript execution in the web output. Talos confirms ...

CVE-2025-54814

MedDream PACS Premium 7.3.6.870 contains a post-auth reflected XSS in Pacs/modifyAutopurgeFilter.php via the key URL parameter. A crafted URL can cause arbitrary JavaScript execution in the affected web output. Talos reports the vulnerability as TALOS-2025-2261 (CVE-2025-54814) with CVSSv3.1 6.1 ...