
1052 matches found

RedhatCVE • added 2025/05/22 10:9 a.m. • 4 views

CVE-2019-19371

A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00325
Exploits: 0, References: 1

RedhatCVE • added 2025/05/21 9:30 p.m. • 7 views

CVE-2009-3303

Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00256
Exploits: 0, References: 1

Positive Technologies • added 2025/05/21 12:0 a.m. • 5 views

PT-2025-22372

Name of the Vulnerable Software and Affected Versions: cs seo extension versions prior to 9.2.1. Description: The issue concerns a cross-site scripting (XSS) vulnerability. It allows backend users to execute arbitrary scripts via the JSON-LD output. Recommendations: For versions prior to 9.2.1, update ...

CVSS: 6.4, AI score: 6.2, EPSS: 0.00172
Exploits: 0, References: 8

RedHat Linux • added 2025/05/14 8:5 a.m. • 5 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 4

RedHat Linux • added 2025/05/13 2:3 p.m. • 3 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 4

Veracode • added 2025/05/07 6:14 a.m. • 6 views

Reflected Cross-Site Scripting (Reflected XSS)

yeswiki/yeswiki is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper sanitization of user input in the file upload form, which allows attackers to craft malicious links that execute arbitrary scripts in the victim’s browser...

CVSS: 7.6, AI score: 6.5, EPSS: 0.00358
Exploits: 1, References: 6, Affected Software: 1

RedHat Linux • added 2025/05/06 6:7 a.m. • 2 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 4

OSV • added 2025/05/05 6:15 p.m. • 2 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

CVSS: 5.4, AI score: 5.7
Exploits: 0, References: 3

RedHat Linux • added 2025/05/05 9:32 a.m. • 5 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 4

RedHat Linux • added 2025/05/05 7:13 a.m. • 3 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 4

RedHat Linux • added 2025/05/05 7:11 a.m. • 4 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 4

RedhatCVE • added 2025/04/26 5:51 a.m. • 3 views

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVSS: 9.8, AI score: 7.6, EPSS: 0.00111
Exploits: 2, References: 1

Vulnrichment • added 2025/04/21 12:0 a.m. • 6 views

CVE-2024-41446

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

AI score: 5.5, EPSS: 0.00218
Exploits: 1, References: 3

Cvelist • added 2025/04/18 12:0 a.m. • 11 views

CVE-2024-41447

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

EPSS: 0.00187
Exploits: 3, References: 1

RedhatCVE • added 2025/04/09 2:5 a.m. • 20 views

CVE-2024-46494

A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article...

CVSS: 5.4, AI score: 6, EPSS: 0.00582
Exploits: 1, References: 3

SUSE CVE • added 2025/04/04 3:0 a.m. • 1 views

SUSE CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 7.2, EPSS: 0.01309
Exploits: 1, References: 12

Packet Storm • added 2025/04/04 12:0 a.m. • 243 views

Microchip TimeProvider 4100 Grandmaster 2.4.6 Cross Site Scripting

Microchip TimeProvider 4100 Grandmaster version 2.4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: Microchip TimeProvider 4100 Grandmaster banner - Stored XSS. Exploit Author: Armando Huesca Prida. Discovered By: Armando Huesca Prida, Marco Negro, Antonio Carriero,...

CVSS: 7.7, AI score: 6.4, EPSS: 0.02577
Exploits: 3

OSV • added 2025/04/03 2:15 p.m. • 1 views

DEBIAN-CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 7.6, EPSS: 0.01309
Exploits: 1, References: 1

OSV • added 2025/04/03 2:15 p.m. • 0 views

UBUNTU-CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS: 7.4, AI score: 6, EPSS: 0.01309
Exploits: 1, References: 5

CVE • added 2025/04/03 1:34 p.m. • 148 views

CVE-2025-3155

CVE-2025-3155 is a documented flaw in Yelp (GNOME Help) where help documents can execute arbitrary scripts, enabling potential exfiltration of user files. The connected advisories corroborate that this affects the Yelp/Yelp-xsl components across multiple distributions (e.g., Debian, Red Hat-deriv...

CVSS: 7.4, AI score: 7.5, EPSS: 0.01309
Exploits: 1, References: 15, Affected Software: 1