CVE-2025-53631 flaskBlog XSS Vulnerability in postContent

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

FlaskBlog 跨站脚本漏洞

FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A cross-site scripting vulnerability exists in flaskBlog 2.8.1 and earlier versions, which stems from improper postContent cleanup and could lead to arbitrary JavaScript execution...

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

CVE-2025-45314

CVE-2025-45314 describes an XSS in hortusfox-web v4.4 affecting the /Calendar endpoint, where a crafted payload injected into the add function allows arbitrary JavaScript execution in a user’s browser. The vulnerability is evidenced across multiple sources in the connected documents, including Re...

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

WellChoose Organization Portal System 跨站脚本漏洞

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. A cross-site scripting vulnerability exists in the WellChoose Organization Portal System that can be exploited by an attacker to execute arbitrary JavaScript code in a user's browser...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-51531

A reflected cross-site scripting XSS vulnerability in Sage DPW 202412004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that th...

CVE-2012-10032

Maxthon3 before version 3.3 is vulnerable to cross-context scripting (XCS) via the about:history page. The trusted zone may execute injected script content with privileged context, enabling modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs (e...

CVE-2025-51569

A cross-site scripting XSS vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goformgetcmdprocess endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

GHSA-MVJ3-HC7J-VP74 Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

Microweber has Reflected XSS Vulnerability in the id Parameter

Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...

CVE-2025-51501

Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflected cross-site scripting in the layout parameter in the /admin/page/create page, which could lead to arbitrary JavaScript execution...

CVE-2025-51501

CVE-2025-51501 : Microweber CMS 2.0 is affected by a Reflected XSS in the id parameter of the live_edit.module_settings API endpoint. The vulnerability allows an authenticated attacker to inject and execute arbitrary JavaScript in a victim’s browser via the id parameter, with impact described as ...

GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

Cross-site Scripting (XSS)

Overview org.apache.jspwiki:jspwiki-main is a main release jar for Apache JSPWiki engine. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image plugin. An attacker can execute arbitrary JavaScript in a victim's browser and access sensitive information by...