
7610 matches found

NVD
added 2025/01/27 5:15 p.m., 8 views

CVE-2024-55228

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

CVSS 9, EPSS 0.00117
Exploits: 1, References: 5

Vulnrichment
added 2025/01/27 12:0 a.m., 3 views

CVE-2024-55228

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

AI score 5.2, EPSS 0.00117
Exploits: 1, References: 5

Cvelist
added 2025/01/22 12:0 a.m., 8 views

CVE-2024-55488

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

EPSS 0.00294
Exploits: 1, References: 2

Vulnrichment
added 2025/01/22 12:0 a.m., 4 views

CVE-2024-55488

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

AI score 6.1, EPSS 0.00294
Exploits: 1, References: 2

CVE
added 2025/01/22 12:0 a.m., 59 views

CVE-2024-55488

CVE-2024-55488 affects Umbraco CMS v14.3.1 via a stored XSS in the Rich Text/Document context. The root cause cited is the absence of HTML sanitization at the product level, with the vendor disputing exploitation only via authenticated, whitelisted users. Impact per sources is the ability to exec...

CVSS 6.5, AI score 6.1, EPSS 0.00294
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2025/01/22 12:0 a.m., 1 view

Umbraco CMS security vulnerability

Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS version v14.3.1 that stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via a crafted payload...

CVSS 6.5, AI score 5.6, EPSS 0.00294
Exploits: 1, References: 4

NVD
added 2025/01/17 9:15 p.m., 6 views

CVE-2025-23039

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVSS 5.2, EPSS 0.00174
Exploits: 0, References: 1

NVD
added 2025/01/16 6:15 p.m., 11 views

CVE-2024-57776

A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.6, EPSS 0.00337
Exploits: 1, References: 1

NVD
added 2025/01/16 6:15 p.m., 11 views

CVE-2024-57771

A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.8, EPSS 0.00262
Exploits: 1, References: 1

CNNVD
added 2025/01/16 12:0 a.m., 2 views

IBM CICS TX Advanced cross-site scripting vulnerability

IBM CICS TX Advanced is a transaction processing monitoring system from International Business Machines (IBM) for running large-scale, high-transaction-volume applications in enterprise environments. IBM CICS TX Advanced suffers from a cross-site scripting vulnerability that stems from the...

CVSS 7.2, AI score 6, EPSS 0.00288
Exploits: 0, References: 1

CNNVD
added 2025/01/16 12:0 a.m., 2 views

JFinalOA security vulnerability

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVSS 4.6, AI score 6.5, EPSS 0.00337
Exploits: 1, References: 1

Vulnrichment
added 2025/01/16 12:0 a.m., 6 views

CVE-2024-57772

A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.8, EPSS 0.00244
Exploits: 1, References: 1

CVE
added 2025/01/16 12:0 a.m., 45 views

CVE-2024-57774

CVE-2024-57774 describes a cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA prior to v2025.01.01. The underlying issue is input handling in that interface allowing crafted payloads to execute arbitrary script/HTML in a victim’s browser. Affecte...

CVSS 4.8, AI score 5.9, EPSS 0.00244
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2025/01/16 12:0 a.m., 1 view

JFinalOA security vulnerability

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVSS 4.8, AI score 6.5, EPSS 0.00244
Exploits: 1, References: 1

NVD
added 2025/01/15 11:15 p.m., 8 views

CVE-2024-41453

A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVSS 4.8, EPSS 0.01168
Exploits: 0, References: 2

NVD
added 2025/01/15 12:15 a.m., 8 views

CVE-2025-22997

A stored cross-site scripting (XSS) vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...

CVSS 4.8, EPSS 0.00228
Exploits: 2, References: 1

CVE
added 2025/01/15 12:0 a.m., 44 views

CVE-2024-41453

CVE-2024-41453: In Process Maker pm4core-docker 4.1.21-RC7, a cross-site scripting (XSS) vulnerability exists via a crafted payload injected into the Name parameter. Red Hat entries also confirm CVE-2024-41454 as an arbitrary file upload vulnerability in the UI login page logo upload function, e...

CVSS 4.8, AI score 5.9, EPSS 0.01168
Exploits: 0, References: 2

CNNVD
added 2025/01/15 12:0 a.m., 1 view

ProcessMaker security vulnerability

ProcessMaker is a PHP-written site builder for business process management (BPM) and workflow management from ProcessMaker, Inc. in the United States. A security vulnerability exists in ProcessMaker pm4core-docker version 4.1.21-RC7, which stems from the inclusion of a cross-site scripting...

CVSS 4.8, AI score 5.9, EPSS 0.01168
Exploits: 0, References: 1

Cvelist
added 2025/01/14 12:0 a.m., 15 views

CVE-2025-22996

A stored cross-site scripting (XSS) vulnerability in the spftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...

EPSS 0.00228
Exploits: 2, References: 1

CVE
added 2025/01/14 12:0 a.m., 56 views

CVE-2024-53563

The CVE-2024-53563 entry concerns Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10, reporting a stored XSS vulnerability in the device’s web interface that allows an attacker to inject a crafted payload to execute arbitrary web scripts or HTML. The documents consistently identify the affected product...

CVSS 5.4, AI score 5.7, EPSS 0.00363
Exploits: 0, References: 2