CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVE-2025-54757

CVE-2025-54757 affects PowerCMS. Unrestricted upload of files allows a product user-uploaded file to contain dangerous content, potentially enabling an arbitrary script when an administrator opens the malicious file in the browser. The root issue is unsafe handling of file uploads that can be man...

CVE-2025-26064

CVE-2025-26064 is an XSS vulnerability affecting Intelbras RX1500 (v2.2.9) and RX3000 (v1.0.11). The root cause is unvalidated/crafted input in the name of a connected device, allowing attackers to execute arbitrary web scripts or HTML in the web management interface. Impact is web-based, with po...

WordPress plugin GiveWP 跨站脚本漏洞

WordPress GiveWP plugin is an open source online donation system plugin, mainly used to help the website to realize the online fundraising function. WordPress GiveWP plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

Alfasado PowerCMS 跨站脚本漏洞

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A cross-site scripting vulnerability exists in Alfasado PowerCMS that originates from stored cross-site scripting and could lead to the execution of arbitrary script...

PT-2025-31483 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: A reflected cross-site scripting issue exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed in the browser...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

RockyLinux 9 : libreoffice (RLSA-2025:3408)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3408 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the RockyLinux security...

RLSA-2025:3408 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...