CVE-2025-20116

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...

CVE-2025-25823

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php...

CVE-2025-25825

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...

CVE-2025-25825

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...

CVE-2025-25818

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at articlesave.php...

CVE-2025-25818

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at articlesave.php...

CVE-2025-25825

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...

CVE-2025-25825

CVE-2025-25825 concerns a cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4. The issue allows an attacker to inject arbitrary web script or HTML via a crafted payload into the Titile field in the article category section. Per the provided metrics, the vulnerability has a base score of ...

CVE-2025-25823

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php...

CVE-2025-25825

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...

CVE-2025-25818

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at articlesave.php...

WordPress plugin SMTP for Amazon SES 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site...

CVE-2025-25054

Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user...

CVE-2025-24841

Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may be executed on a logged-in user's web browser...

CVE-2025-24841

Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of MT Block Editor. It is exploitable when TinyMCE6 is used as a rich text editor and an arbitrary script may be executed on a logged-in user's web browser...

CVE-2025-25054

Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user...

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

Dell Update Package Framework Local Elevation of Privilege Vulnerability

Dell Update Package Framework is a framework for updating system components from Dell USA. The product focuses on providing installers for drivers, applications, BIOS, and firmware. The Dell Update Package Framework suffers from a local elevation of privilege vulnerability that originates from a...

JVN#48742353: Multiple cross-site scripting vulnerabilities in Movable Type

Movable Type provided by Six Apart Ltd. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-22888 Stored cross-si...