PT-2025-34700

Name of the Vulnerable Software and Affected Versions: WebErpMesv2 version 1.17 Description: A file upload vulnerability exists in the app/Http/Controllers/FactoryController.php controller. An authenticated attacker can upload arbitrary files, including PHP scripts. These files are accessible via...

CVE-2025-55620

A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Group Office 跨站脚本漏洞

Group Office is a modular office suite from the Dutch company Group Office. A cross-site scripting vulnerability exists in Group Office versions prior to 6.8.119 and prior to 25.0.20, which stems from a cross-site scripting attack that could lead to the execution of arbitrary script...

WordPress BaiduXZH Submit plugin cross-site scripting vulnerability

WordPress BaiduXZH Submit plugin is a third-party WordPress plugin, mainly used for automatic submission of website content to Baidu Bear Paw, to achieve rapid inclusion within 24 hours, and support for original protection features. WordPress BaiduXZH Submit plugin has a cross-site scripting...

WordPress Anber Elementor Addon plugin cross-site scripting vulnerability

WordPress Anber Elementor Addon plugin is an Elementor plugin extension for WordPress, designed to provide more customization for website design. WordPress Anber Elementor Addon plugin suffers from a cross-site scripting vulnerability that stems from insufficient parameter input cleanup, which ca...

WordPress plugin Anber Elementor Addon 跨站脚本漏洞

WordPress Anber Elementor Addon plugin is an Elementor plugin extension for WordPress, designed to provide more customization for website design. WordPress Anber Elementor Addon plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering...

WordPress plugin Advanced iFrame 跨站脚本漏洞

WordPress Advanced iFrame plugin is a plugin for WordPress platform which is mainly used for embedding iframe content in websites. The WordPress Advanced iFrame plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

WordPress plugin Alobaidi Captcha 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Alobaidi Captcha plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

WordPress Mosaic Generator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Mosaic Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

WordPress plugin GMap Generator 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress GMap Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature

Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...

CLSA-2025-1754413156 git: Fix of 2 CVEs

CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary script execution via specially crafted filenames in a repository - CVE-2025-27614: fix a vulnerability in Gitk that allowed arbitrary file creation/truncation - CVE-2025-46835: fix a vulnerability in Git GUI where editing files in...

WordPress plugin WP Easy Contact 跨站脚本漏洞

WordPress WP Easy Contact plugin is mainly used for website message function management, support users to submit messages and send them to the administrator's mailbox. WordPress WP Easy Contact plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filterin...

CVE-2025-26065

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

CVE-2025-51534

A cross-site scripting XSS vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

PT-2025-31830 · Austrian Archaeological Institute · Openatlas

Name of the Vulnerable Software and Affected Versions: Austrian Archaeological Institute AI OpenAtlas version 8.11.0 Description: OpenAtlas contains a cross-site scripting XSS issue. Attackers can inject a crafted payload into the Name field, enabling the execution of arbitrary web scripts or HTM...

CVE-2025-26065

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

CVE-2025-26064

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device...

WordPress plugin All in One Time Clock Lite 跨站脚本漏洞

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee's working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18563)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...