Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2025-13902

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

CVE-2025-70128

A Stored Cross-Site Scripting XSS vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...

PT-2026-24255

CWE-79 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server...

📄 DOMPurify 3.13 Cross Site Scripting

A mutation cross site scripting vulnerability exists in DOMPurify versions 3.1.3 and below when the SAFEFORXML configuration is enabled. ============================================================================================================================================= | Title : DOMPurif...

CVE-2025-59542

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting XSS vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account e.g., trainer can execute arbitrary JavaScript cod...

CVE-2026-28393

OpenClaw 2.0.0-beta3 through 2026.2.13 contains a path-traversal vulnerability in the hook transform module loading (hooks.mappings[].transform.module) that allows loading and executing arbitrary JavaScript with gateway process privileges when an attacker can modify configuration. The issue arise...

CVE-2026-28343

A flaw was found in CKEditor. This cross-site scripting XSS vulnerability in the General HTML Support feature allows an attacker to execute unauthorized JavaScript code. This can occur by inserting specially crafted markup if the editor instance is configured with unsafe General HTML Support...

GHSA-3C22-5J5M-4JQ7 Gokapi has Stored XSS in SVG Hotlinks

Summary If a malicious authenticated user uploads SVG and creates a hotlink for it, they achieve stored XSS. Details The hotlinking functionality fails to properly handle scripts included in the SVGs, allowing authenticated attackers with the ability to upload and hotlink file to execute arbitrar...

OpenClaw 代码问题漏洞

OpenClaw is an open-source intelligent artificial assistant. Versions of OpenClaw from 2.0.0-beta3 up to 2026.2.14 contained code vulnerabilities. These vulnerabilities stemmed from path traversal issues during the loading of the hook transform module, which could allow execution of arbitrary...

PT-2026-23603

Name of the Vulnerable Software and Affected Versions Gokapi versions prior to 2.2.3 Description A malicious authenticated user can achieve stored cross-site scripting XSS by uploading SVG files and creating a hotlink for them. The hotlinking functionality does not properly handle scripts include...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an...

PT-2026-23522

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2.0.0-beta3 through 2026.2.13 Description The OpenClaw software contains a path traversal issue within the hook transform module loading process that could lead to arbitrary JavaScript execution. The...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14287)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14349)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the portfw.cgi script multiple parameters of the user-supplied data lack of effective filtering and escaping , an attacke...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14345)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express suffers from a cross-site scripting vulnerability that originates from the interfaces.cgi script to GREENADDRESS, GREENNETMASK, REDDHCPHOSTNAME, REDADDRESS, DNS1OVERRIDE, DNS2 OVERRIDE,...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14285)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the NTPSERVER parameter of the time.cgi...