93 matches found
CVE-2025-53858
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...
CVE-2025-53858
ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...
JVN#72111431: Multiple vulnerabilities in Group-Office
Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-53504 Path traversal CWE-22...
CVE-2025-41442
A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting XSS attack. By manipulating certain input parameters, an attacker could execute unauthorized scripts in the user's browser, potentially leading to information disclosu...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through multiple system messages. An attacker can execute arbitrary scripts in the context of the user's browser by inserting malicious content into editable interface elements. Details Cross-site scripting or X...
CVE-2025-47040
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46908
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-52887
CVE-2024-52887 affects Check Point Mobile Access (R82 and prior). An authenticated end-user can set a specially crafted SNX bookmark that causes their browser to execute a script when accessing the bookmark list (stored/self-XSS in the ‘favorites’ dialog). Exact impact details are not quantified ...
Hewlett Packard Enterprise Aruba Networking Fabric Composer 安全漏洞
Hewlett Packard Enterprise Aruba Networking Fabric Composer HPE Aruba Networking Fabric Composer is an intelligent, API driven, software-defined orchestration solution from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise Aruba Networking Fabric Composer. ...
Dassault Systèmes ENOVIA Collaborative Industry Innovator 安全漏洞
Dassault Systèmes ENOVIA Collaborative Industry Innovator is an essential toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...
PT-2024-9713 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...
Cross-site Scripting (XSS)
Overview mojo42/jirafeau is a provides a simple way to upload a file. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the manipulation of MIME types during the upload process. An attacker can execute scripts in the context of the user's browser session. Details...
Dassault Systèmes 3DEXPERIENCE 安全漏洞
Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2022x through R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...
CVE-2024-6379
A reflected Cross-site Scripting XSS vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-21686
This High severity Stored XSS vulnerability was introduced in versions 7.13 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 7.3, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...
PT-2024-21278 · Tvrock · Tvrock
Name of the Vulnerable Software and Affected Versions: TvRock version 0.9t8a Description: A cross-site scripting vulnerability exists, allowing an arbitrary script to be executed on the web browser of the user accessing the website that uses the product. The developer was unreachable, and users...
CVE-2024-20337
A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed CRLF injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could...
PT-2023-21483 · Hcl · Hcl Connections
Name of the Vulnerable Software and Affected Versions: HCL Connections affected versions not specified Description: The issue allows an attacker to execute arbitrary script code in the browser of an unsuspecting user after visiting a vulnerable URL, leading to the execution of malicious script...
CVE-2023-43734
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...
CVE-2023-43713
Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser...