CVE-2024-55060

A cross-site scripting XSS vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-55060

CVE-2024-55060 affects Rafed CMS Website v1.44, with a cross-site scripting (XSS) vulnerability in the component index.php that allows an attacker to execute arbitrary web scripts/HTML via a crafted payload. The CVE entry documents a network-vector, low-privilege, user-interaction-required vulner...

CVE-2025-25925

A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...

WordPress plugin amoCRM WebForm 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin amoCR...

FreeBSD : libreoffice -- Macro URL arbitrary script execution (a86f9189-fdd9-11ef-91ff-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a86f9189-fdd9-11ef-91ff-b42e991fc52e advisory. [email protected] reports: LibreOffice supports Office URI Schemes to enable browser...

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

CVE-2025-20208

CVE-2025-20208 is a reported cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS). The flaw stems from insufficient input validation in a data field of the web UI, enabling a low-privileged, remote attacker to inject script co...

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

CVE-2025-25949

A stored cross-site scripting XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update...

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Windows

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Mac OS X

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Linux

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Linux Distros Unpatched Vulnerability : CVE-2022-3140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command'...

CVE-2025-1080 Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with...

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-0555

CVE-2025-0555 is a Cross-Site Scripting (XSS) vulnerability in GitLab-EE affecting all 16.6+ releases up to but not including 17.7.6, 17.8 up to not including 17.8.4, and 17.9 up to not including 17.9.1. The issue allows an attacker to bypass security controls and run arbitrary scripts in a user’...

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-25825

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...

Trendnet TEW-929DRU 安全漏洞

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the configname parameter of the /cbiaddcert.htm page, which can be exploited ...