Cross-site Scripting

webreinvent/vaahcms is vulnerable to Cross-Site Scripting. The vulnerability is due to improper sanitization in the storeAvatar upload method of UserBase.php, where crafted input can be stored and later executed in a user’s browser, allowing a remote attacker to run arbitrary JavaScript code...

PT-2025-49115

Name of the Vulnerable Software and Affected Versions Nextcloud versions prior to 22.2.10.33 Nextcloud versions prior to 23.0.12.29 Nextcloud versions prior to 24.0.12.28 Nextcloud versions prior to 25.0.13.23 Nextcloud versions prior to 26.0.13.20 Nextcloud versions prior to 27.1.11.20 Nextcloud...

PT-2025-49146

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.37 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A Stored Cross-Site Scripting XSS issue was identified in the Notes PDF download functionality. ...

ObjectPlanet Opinio 安全漏洞

ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from the presence of stored cross-site scripting in the survey import function, which could allow an attacker to inject arbitrary...

Cross-site Scripting (XSS)

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the id parameter in the User Update function. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious input...

Cross-Site Scripting (XSS)

qwc2 is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of user-supplied input in the attribute table, which allows an authorized attacker to inject and execute arbitrary JavaScript code...

CVE-2025-64130

Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser...

CVE-2025-64130

Zenitel TCIV-3+ is affected by a reflected cross-site scripting vulnerability that could allow a remote attacker to run arbitrary JavaScript in a victim’s browser. The issue is described across multiple sources (NVD/Red Hat/EUVD/CVELIST/CISA) as a reflected XSS affecting the device, with the vuln...

CVE-2025-65237

OpenCode Systems USSD Gateway OC Release 5 is affected by a reflected XSS vulnerability that lets an attacker inject arbitrary JavaScript into a user’s browser by sending a crafted payload. The issue is documented across multiple sources (e.g., Red Hat CVE entry and NVD) with a CVSSv3.1 base scor...

CVE-2025-65237

A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...

REDAXO 安全漏洞

REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO versions prior to 5.20.1, which stems from reflective cross-site scripting in the Mediapool view and could lead to arbitrary JavaScript execution...

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

Cross-site Scripting (XSS)

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the isRemoteAllowed function. An attacker can execute arbitrary JavaScript in the victim's browser by submitting a crafted SVG...

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

CVE-2025-51662

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image Name parameter in the /maps/nodeimage endpoint. An attacker can execute...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.11.0, which...

E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce v1.0, which originates from DOM-type cross-site scripting and could lead to arbitrary JavaScript execution...

CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

Dependency-Track Front-End 跨站脚本漏洞

Dependency-Track Front-End is a Dependency-Track open source front-end UI for dependency tracking. A cross-site scripting vulnerability exists in Dependency-Track Front-End versions 4.12.0 through prior to 4.13.6, which stems from improper HTML cleanup and could lead to arbitrary JavaScript...