2049 matches found
CVE-2025-4985
CVE-2025-4985 affects Dassault Systèmes Project Portfolio Manager (Risk Management) across 3DEXPERIENCE R2022x–R2025x, with a stored XSS vulnerability that allows script execution in a user’s browser. The root cause is stored XSS within Risk Management, enabling arbitrary script execution per the...
CVE-2025-4990
CVE-2025-4990 — Normal mode Affected: Change Governance in Product Manager (Dassault Systèmes 3DEXPERIENCE) from releases R2022x through R2025x. Vulnerability: Stored Cross-site Scripting (XSS) that allows an attacker to inject and execute arbitrary script in a user’s browser session. Root cause/...
CVE-2025-4992 Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-41406
Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...
CVE-2025-41406
Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...
PT-2025-23261 · Wivia 5 · Wivia 5
Name of the Vulnerable Software and Affected Versions: Wivia 5 affected versions not specified Description: A cross-site scripting issue exists. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the...
Dassault Systèmes Project Portfolio Manager 跨站脚本漏洞
Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes, France. It is responsible for developing and implementing the project portfolio management process. A cross-site scripting vulnerability exists in Dassault Systèmes Project Portfolio Manager 3DEXPERIENCE R2022x...
Dassault Systèmes Collaborative Industry Innovator 跨站脚本漏洞
Dassault Systèmes Collaborative Industry Innovator is a software for collaborative management from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, which originates...
Uchida Yoko wivia 跨站脚本漏洞
The Uchida Yoko wivia is a presentation aid from Uchida Yoko Japan that wirelessly projects a computer screen to a display device such as a projector. A cross-site scripting vulnerability exists in Uchida Yoko wivia that originates from cross-site scripting and could lead to the execution of...
[SECURITY] [DLA 4185-1] yelp-xsl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 5927-1] yelp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5927-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2025 https://www.debian.org/security/faq -...
Debian dla-4185 : yelp-xsl - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4185 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/...
Debian dla-4184 : libyelp-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4184 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4184-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-22997
A stored cross-site scripting XSS vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...
CVE-2025-21603
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...
CVE-2024-44918
A cross-site scripting XSS vulnerability in the component admindatarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2024-44920
A cross-site scripting XSS vulnerability in the component admincollectnews.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter...
CVE-2024-42412
Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...
CVE-2024-42550
A cross-site scripting XSS vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...
CVE-2024-20443
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affect...