CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVE-2024-53287

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in VPN Setting functionality in Synology Router Manager SRM before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...

CVE-2024-53287

Improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability in VPN Setting functionality in Synology Router Manager SRM before 1.3.1-9346-11 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51403

Vulnerability : CVE-2025-51403 affects Live Helper Chat (v4.60/v4.61 era) in the department assignment editing module. The issue is a stored XSS via the Alias Nick field, caused by insufficient validation/escaping of user input. Impact : stored XSS could allow a logged-in user with low privileges...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...