114 matches found
CVE-2026-50230
Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability in the server.log endpoint that allows attackers to inject arbitrary HTML and JavaScript code through the search parameter. Attackers can craft malicious URLs with JavaScript payloads in the search...
BIT-GITLAB-2026-6335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...
CVE-2026-6335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...
CVE-2025-66486 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...
EUVD-2026-8851
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2680 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es//incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2678
CVE-2026-2678 affects A3factura software with a Reflected XSS vulnerability in the web platform. The issue is triggered via the parameter 'name' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/customers, allowing arbitrary script execution in a victim’s browser. CVSS 4.0 indicates a MEDI...
CVE-2026-2677 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2677
CVE-2026-2677 documents a reflected Cross-Site Scripting (XSS) vulnerability in the A3factura web platform. The issue occurs in the parameter 'name' for the endpoint a3factura-app.wolterskluwer.es/#/incomes/representatives-management, allowing an attacker to potentially execute arbitrary code in ...
PT-2026-22143
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es//incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
PT-2026-21272
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...
CVE-2026-26357
Dell Unisphere for PowerMax, version(s) 9.2.4.x , contains an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability. A low-privilege, remote attacker could exploit this to execute malicious HTML/JavaScript in a victim's browser within the context of the vulnerable web ap...
CVE-2025-67231
A reflected cross-site scripting XSS vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2025-67231
A reflected cross-site scripting XSS vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
SICK TDC-X401GL has security vulnerabilities
The SICK TDC-X401GL is a edge computing gateway developed by the German company SICK. The SICK TDC-X401GL has a security vulnerability, which stems from improper handling of URL parameters. This vulnerability could allow attackers to execute code in the browser after users log in...