EUVD-2025-201431

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/plugin-config/dashboards/menus endpoint. When an authenticated user adds or edits a dashboard entry, the label and path values are stored in plugin configuration data and...

LoLLMs Cross-Site Scripting Vulnerability

LoLLMs is a web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A cross-site scripting vulnerability exists in lollms-webui that originates from a vulnerability that allows an attacker to inject malicious script via a chat message and then execute it in the...

PT-2024-40354 · Shopware · Shopware

Name of the Vulnerable Software and Affected Versions: Shopware eCommerce platform affected versions not specified Description: A non-persistent Cross-Site Scripting XSS issue has been identified in the frontend of the platform. This issue may allow an attacker to inject and execute malicious...

LRS Security Vulnerabilities

LRS is a protocol, specification, and logic for building xAPI Learning Record Stores LRS in ClojureScript open source by Yet Analytics. A security vulnerability exists in LRS versions prior to 1.2.17. An attacker exploits this vulnerability to execute script or other markup injections in a browse...

DEBIAN-CVE-2023-49086

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database TSDB. A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an...