7610 matches found
CVE-2024-55060
A cross-site scripting XSS vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
FreeBSD : libreoffice -- Macro URL arbitrary script execution (a86f9189-fdd9-11ef-91ff-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a86f9189-fdd9-11ef-91ff-b42e991fc52e advisory. [email protected] reports: LibreOffice supports Office URI Schemes to enable browser...
WordPress plugin amoCRM WebForm 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin amoCR...
CVE-2025-25925
A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...
CVE-2025-25908
A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...
tianti 跨站脚本漏洞
tianti tianti is jeffry personal developer of a JAVA lightweight CMS solution. A security vulnerability exists in tianti v2.3. An attacker can exploit this vulnerability to execute arbitrary Web script or HTML by injecting a specially crafted payload into the coverImageURL parameter...
CVE-2025-25908
A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...
CVE-2025-20208
CVE-2025-20208 is a reported cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS). The flaw stems from insufficient input validation in a data field of the web UI, enabling a low-privileged, remote attacker to inject script co...
Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...
CVE-2025-24494
CVE-2025-24494 affects the Keysight Ixia Vision Product Family. A path traversal vulnerability combined with the Upload functionality could lead to remote code execution under a privileged device admin account, potentially enabling execution of arbitrary scripts or uploaded binaries. The issue is...
CVE-2025-25949
A stored cross-site scripting XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update...
LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Mac OS X
LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Linux
LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Windows
LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Linux Distros Unpatched Vulnerability : CVE-2022-3140
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command'...
CVE-2025-1080 Macro URL arbitrary script execution
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with...
CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...
CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...
CVE-2025-0555
CVE-2025-0555 is a Cross-Site Scripting (XSS) vulnerability in GitLab-EE affecting all 16.6+ releases up to but not including 17.7.6, 17.8 up to not including 17.8.4, and 17.9 up to not including 17.9.1. The issue allows an attacker to bypass security controls and run arbitrary scripts in a user’...
CVE-2025-25825
A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...