CVE-2025-55620

A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Group Office 跨站脚本漏洞

Group Office is a modular office suite from the Dutch company Group Office. A cross-site scripting vulnerability exists in Group Office versions prior to 6.8.119 and prior to 25.0.20, which stems from a cross-site scripting attack that could lead to the execution of arbitrary script...

WordPress BaiduXZH Submit plugin cross-site scripting vulnerability

WordPress BaiduXZH Submit plugin is a third-party WordPress plugin, mainly used for automatic submission of website content to Baidu Bear Paw, to achieve rapid inclusion within 24 hours, and support for original protection features. WordPress BaiduXZH Submit plugin has a cross-site scripting...

WordPress Mosaic Generator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Mosaic Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

CLSA-2025-1754413156 git: Fix of 2 CVEs

CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...

WordPress plugin WP Easy Contact 跨站脚本漏洞

WordPress WP Easy Contact plugin is mainly used for website message function management, support users to submit messages and send them to the administrator's mailbox. WordPress WP Easy Contact plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filterin...

CVE-2025-26065

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

CVE-2025-26065

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

PT-2025-31830 · Austrian Archaeological Institute · Openatlas

Name of the Vulnerable Software and Affected Versions: Austrian Archaeological Institute AI OpenAtlas version 8.11.0 Description: OpenAtlas contains a cross-site scripting XSS issue. Attackers can inject a crafted payload into the Name field, enabling the execution of arbitrary web scripts or HTM...

CVE-2025-26064

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device...

WordPress plugin All in One Time Clock Lite 跨站脚本漏洞

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...

WordPress plugin SureForms 安全漏洞

WordPress SureForms plugin is designed for WordPress visual form builder plugin , support drag and drop operation , no programming foundation can quickly build responsive form . WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18563)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2025-45778

A stored cross-site scripting XSS vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through crafted requests. An attacker can execute arbitrary scripts in the context of a user's browser by submitting crafted input to the title, categoryTitle, or tmpTag parameters. Details Cross-site scripting ...

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

CVE-2025-41391

CVE-2025-41391 is a stored cross-site scripting vulnerability in PowerCMS. The issue allows an arbitrary script to execute in a browser when a product user accesses a malicious page. Connected sources confirm PowerCMS (Alfasado Inc.) as affected and describe multiple PowerCMS pages/versions as im...

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...