7602 matches found
CVE-2025-43877
CVE-2025-43877 affects Elecom WRC-1167GHBK2-S: stored cross-site scripting in WebGUI enabling script execution in a user’s browser upon WebGUI access. Affected product scope includes all versions of WRC-1167GHBK2-S (per JVN/Red Hat entries); no explicit firmware version fix is provided in the con...
CVE-2025-43877
WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...
JetBrains TeamCity Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...
WordPress plugin Automatically Hierarchic Categories in Menu Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Automatically Hierarchic Categories in Menu plugin, which stems from the application's lack of effective filtering a...
WordPress plugin Anant Addons for Elementor Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Anant Addons for Elementor plugin, which stems from the application's lack of effective filtering and escaping of...
CVE-2025-45661
A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php...
CVE-2025-5237
CVE-2025-5237 (Target Video Easy Publish, WordPress) is a stored XSS vulnerability. The issue affects Target Video Easy Publish plugin versions up to 3.8.5, where the width parameter is not properly sanitized/escaped. An attacker with Contributor-level access or higher can inject scripts that exe...
WordPress Hot Random Image Cross-Site Scripting Vulnerability
WordPress Hot Random Image is a basic plugin for displaying randomly selected images from a specified folder. A cross-site scripting vulnerability exists in WordPress Hot Random Image, which stems from insufficient link parameter input cleanup and escaping, and can be exploited by an attacker to...
CVE-2025-4987
A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
Dassault Systèmes Project Portfolio Manager Security Vulnerability
Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes France. It is responsible for developing and implementing the project portfolio management process. A security vulnerability exists in Dassault Systèmes Project Portfolio Manager that stems from a stored cross-si...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addPortlet.polyfill.js process. An attacker can execute arbitrary HTML or JavaScript code in the context of a user's browser by editing preference menu heading messages that are rendered without proper...
CVE-2025-28380
Summary of CVE-2025-28380: OpenC3 COSMOS is affected by an XSS vulnerability that enables execution of arbitrary web scripts/HTML via a crafted payload in a URL parameter, observed in versions prior to 6.0.2. The reports consistently identify the vulnerable component as the web-facing URL parame...
OpenC3 COSMOS Security Vulnerability
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2, which originates from the injection of a specially crafted payload into URL parameters and could lead to the execution of arbitrary web script or HTML...
MailEnable failure.aspx component cross-site scripting vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
CVE-2024-37395
A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is a comprehensive content management solution from Adobe. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in form fields, which can be exploited by an attacker t...
CVE-2024-37396
A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
OESA-2025-1608 yelp security update
Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute...