2049 matches found

Cvelist
added 2025/01/14 12:00 a.m., 17 views

CVE-2025-22996

A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...

0.00277 EPSS
Exploits 1, References 1
CVE
added 2025/01/14 12:00 a.m., 60 views

CVE-2025-22996

Linksys E5600 Router firmware version 1.1.0.26 contains a stored XSS in the spf_table_content component (desc parameter). Root cause: improper handling of input in spf_table_content leading to injected web scripts/HTML. Impact per sources: potential execution of arbitrary scripts/HTML in the web ...

4.8 CVSS, 5.4 AI score, 0.00277 EPSS
Exploits 1, References 1, Affected Software 1
NVD
added 2025/01/09 8:15 p.m., 8 views

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php...

6.1 CVSS, 0.00444 EPSS
Exploits 0, References 1
Cvelist
added 2025/01/09 12:00 a.m., 11 views

CVE-2024-42898

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page...

0.00569 EPSS
Exploits 1, References 2
CVE
added 2025/01/09 12:00 a.m., 48 views

CVE-2024-55494

CVE-2024-55494 affects Opencode Mobile Collect Call v5.4.7. A PHP Code Injection vulnerability allows an attacker to inject code via a crafted payload into the op_func parameter at /occontrolpanel/index.php, enabling potential Remote Code Execution and XSS. The issue is documented across multiple...

6.1 CVSS, 6.7 AI score, 0.00444 EPSS
Exploits 0, References 1
CNNVD
added 2025/01/09 12:00 a.m., 4 views

Opencode Mobile Collect Call security vulnerability

Opencode Mobile Collect Call is a mobile payphone solution from Opencode. A security vulnerability exists in Opencode Mobile Collect Call version v5.4.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the op_func...

6.1 CVSS, 6.6 AI score, 0.00444 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/01/09 12:00 a.m., 9 views

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php...

6.6 AI score, 0.00444 EPSS
Exploits 0, References 1
Cvelist
added 2025/01/08 4:19 p.m., 15 views

CVE-2025-20166 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

5.4 CVSS, 0.00357 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/01/08 3:30 a.m., 3 views

CVE-2025-21603

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...

4.8 CVSS, 6.6 AI score, 0.00284 EPSS
Exploits 0, References 2
CVE
added 2025/01/08 3:30 a.m., 50 views

CVE-2025-21603

CVE-2025-21603 affects PLANEX MZK-DP300N routers (firmware v1.05 and earlier). The issue is a cross-site scripting flaw (CWE-79) in the web interface, allowing an attacker who has logged in to manipulate device settings to trigger arbitrary script execution in the logged-in user’s browser via a c...

4.8 CVSS, 5 AI score, 0.00284 EPSS
Exploits 0, References 2
NVD
added 2025/01/06 7:15 p.m., 13 views

CVE-2024-46209

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...

5.4 CVSS, 0.00396 EPSS
Exploits 1, References 2
Vulnrichment
added 2025/01/06 12:00 a.m., 6 views

CVE-2024-46209

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...

5.8 AI score, 0.00396 EPSS
Exploits 1, References 2
CVE
added 2025/01/03 3:41 p.m., 45 views

CVE-2024-56321

CVE-2024-56321 (GoCD) affects GoCD 18.9.0–24.4.0. The issue allows admins to abuse the backup configuration “post-backup script” to run arbitrary scripts on the hosting server/container as the GoCD user. In practice, impact is limited since an admin typically has host permissions, but in restrict...

3.8 CVSS, 4.6 AI score, 0.00537 EPSS
Exploits 0, References 4, Affected Software 1
OSV
added 2025/01/03 3:41 p.m., 9 views

CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

3.8 CVSS, 7.2 AI score, 0.00537 EPSS
Exploits 0, References 6
CNNVD
added 2025/01/03 12:00 a.m., 3 views

GoCD security vulnerability

GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0, which stems from a vulnerability that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...

3.8 CVSS, 6.8 AI score, 0.00537 EPSS
Exploits 0, References 4
CNVD
added 2024/12/25 12:00 a.m., 8 views

Discourse cross-site scripting vulnerability (CNVD-2024-4963986)

Discourse is an open source community discussion platform. The platform includes features such as community, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

6.8 CVSS, 6.3 AI score, 0.00269 EPSS
Exploits 0, References 1
CVE
added 2024/12/17 4:43 a.m., 43 views

CVE-2024-55864

CVE-2024-55864 is a Cross-Site Scripting vulnerability in My WP Customize Admin/Frontend. Affected versions are before 1.24.1 (WordPress plugin). The issue could allow an authenticated attacker to inject arbitrary JavaScript that runs in other users’ browsers (CVSS 3.0 base 4.8, MEDIUM). Red Hat/...

4.8 CVSS, 6.5 AI score, 0.00326 EPSS
Exploits 0, References 3
NVD
added 2024/12/16 3:15 p.m., 6 views

CVE-2024-12089

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

8.7 CVSS, 0.00402 EPSS
Exploits 0, References 1
CVE
added 2024/12/16 3:06 p.m., 40 views

CVE-2024-12091

A stored Cross-site Scripting (XSS) vulnerability affects Dassault Systèmes ENOVIA Collaborative Industry Innovator (3DEXPERIENCE) versions R2022x through R2024x. The issue arises from unsanitized/stored input allowing an attacker to execute arbitrary script in a user’s browser session. Affected ...

8.7 CVSS, 7.8 AI score, 0.00326 EPSS
Exploits 0, References 1, Affected Software 1
CNNVD
added 2024/12/09 12:00 a.m., 4 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

5.4 CVSS, 7.3 AI score, 0.00395 EPSS
Exploits 1, References 1