CVE-2025-41406

CVE-2025-41406 affects wivia 5 all versions. Connected sources confirm a Cross-site Scripting (CWE-79) flaw where, when a user connects to the affected device with a specific operation, an arbitrary script can execute in the moderator’s web browser. No explicit exploit details are provided in the...

Dassault Systèmes Project Portfolio Manager 跨站脚本漏洞

Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes, France. It is responsible for developing and implementing the project portfolio management process. A cross-site scripting vulnerability exists in Dassault Systèmes Project Portfolio Manager 3DEXPERIENCE R2022x...

PT-2025-23261 · Wivia 5 · Wivia 5

Name of the Vulnerable Software and Affected Versions: Wivia 5 affected versions not specified Description: A cross-site scripting issue exists. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the...

Dassault Systèmes Collaborative Industry Innovator 跨站脚本漏洞

Dassault Systèmes Collaborative Industry Innovator is a software for collaborative management from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, which originates...

Uchida Yoko wivia 跨站脚本漏洞

The Uchida Yoko wivia is a presentation aid from Uchida Yoko Japan that wirelessly projects a computer screen to a display device such as a projector. A cross-site scripting vulnerability exists in Uchida Yoko wivia that originates from cross-site scripting and could lead to the execution of...

WordPress plugin Bold Page Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Bold Page Builder plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

[SECURITY] [DLA 4185-1] yelp-xsl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 5927-1] yelp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5927-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2025 https://www.debian.org/security/faq -...

Debian dla-4185 : yelp-xsl - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4185 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/...

Debian dla-4184 : libyelp-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4184 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4184-1 [email protected] https://www.debian.org/lts/security/...

CVE-2025-20168

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVE-2025-22997

A stored cross-site scripting XSS vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...

CVE-2025-21603

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...

CVE-2024-9349

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 5.4.2. This makes it possible for unauthenticated attackers t...

CVE-2024-44918

A cross-site scripting XSS vulnerability in the component admindatarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-44920

A cross-site scripting XSS vulnerability in the component admincollectnews.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter...

CVE-2024-42412

Cross-site scripting vulnerability exists in ELECOM wireless access points due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser...

CVE-2024-42550

A cross-site scripting XSS vulnerability in the component /email/welcome.php of Mini Inventory and Sales Management System commit 18aa3d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

CVE-2024-20488

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...

CVE-2024-20443

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affect...