174 matches found

CNNVD
added 2025/07/11 12:0 a.m. · 2 views

Advantech iView Cross-Site Scripting Vulnerability

Advantech iView is a Simple Network Protocol (SNMP) based software from Advantech, China, to manage B+B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

5.4 CVSS · 5.8 AI score · 0.00194 EPSS
Exploits: 0 · References: 3
Snyk
added 2025/06/11 7:59 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through multiple system messages. An attacker can execute arbitrary scripts in the context of the user's browser by inserting malicious content into editable interface elements. Details: Cross-site scripting or X...

8.5 CVSS · 5.5 AI score
Exploits: 0 · References: 2
OSV
added 2025/06/10 11:15 p.m. · 2 views

CVE-2025-47040

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.7 AI score
Exploits: 0 · References: 1
OSV
added 2025/06/10 11:15 p.m. · 1 view

CVE-2025-46908

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.7 AI score
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 7:53 a.m. · 4 views

CVE-2018-16549

HScripts PHP File Browser Script v1.0 allows Directory Traversal via the index.php path parameter...

5.3 CVSS · 7.1 AI score · 0.02503 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/04/29 8:11 a.m. · 28 views

CVE-2024-52887

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list...

5.4 CVSS · 6.9 AI score · 0.00179 EPSS
Exploits: 0 · References: 1
CVE
added 2025/04/27 7:46 a.m. · 73 views

CVE-2024-52887

CVE-2024-52887 affects Check Point Mobile Access (R82 and prior). An authenticated end-user can set a specially crafted SNX bookmark that causes their browser to execute a script when accessing the bookmark list (stored/self-XSS in the ‘favorites’ dialog). Exact impact details are not quantified ...

5.4 CVSS · 4.1 AI score · 0.00179 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
RedhatCVE
added 2025/02/05 3:41 p.m. · 10 views

CVE-2020-5219

Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...

8.8 CVSS · 7.9 AI score · 0.02393 EPSS
Exploits: 0
CNNVD
added 2025/01/28 12:0 a.m. · 2 views

Hewlett Packard Enterprise Aruba Networking Fabric Composer Security Vulnerability

Hewlett Packard Enterprise Aruba Networking Fabric Composer (HPE Aruba Networking Fabric Composer) is an intelligent, API-driven, software-defined orchestration solution from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise Aruba Networking Fabric Composer. ...

5.5 CVSS · 6.9 AI score · 0.00248 EPSS
Exploits: 0 · References: 1
UbuntuCve
added 2024/12/18 10:15 p.m. · 11 views

CVE-2024-12694

Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS · 7.2 AI score · 0.00298 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/12/16 12:0 a.m. · 2 views

Dassault Systèmes ENOVIA Collaborative Industry Innovator Security Vulnerability

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an essential toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

8.7 CVSS · 6.5 AI score · 0.0032 EPSS
Exploits: 0 · References: 1
Snyk
added 2024/12/12 7:22 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the toHTMLEx method. An attacker can execute arbitrary JavaScript code by injecting malicious input. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a...

6.8 CVSS · 5.4 AI score · 0.00444 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2024/12/10 12:0 a.m. · 2 views

PT-2024-9713 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier. Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...

5.5 CVSS · 5.8 AI score · 0.0049 EPSS
Exploits: 0 · References: 7
Snyk
added 2024/12/06 9:41 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: mojo42/jirafeau provides a simple way to upload a file. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the manipulation of MIME types during the upload process. An attacker can execute scripts in the context of the user's browser session. Details...

6.1 CVSS · 5.5 AI score · 0.00232 EPSS
Exploits: 0 · References: 2
NVD
added 2024/11/14 3:15 p.m. · 18 views

CVE-2024-7124

Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in...

5.3 CVSS · 0.01047 EPSS
Exploits: 0 · References: 3
CNNVD
added 2024/09/17 12:0 a.m. · 1 view

Backstage Security Vulnerability

Backstage is an open source application. Backstage is an open platform for building developer portals. Backstage 1.10.13 security vulnerability: the vulnerability stems from the TechDocs storage bucket content controlled by an attacker, able to inject in the TechDocs content can be...

6.5 CVSS · 5.5 AI score · 0.00264 EPSS
Exploits: 0 · References: 2
CNNVD
added 2024/09/02 12:0 a.m. · 2 views

Dassault Systèmes 3DEXPERIENCE Security Vulnerability

Dassault Systèmes 3DEXPERIENCE is a business and innovation platform from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes 3DEXPERIENCE versions R2022x through R2024x, which stems from susceptibility to a stored cross-site scripting attack that allows an attacker to...

8.7 CVSS · 6.5 AI score · 0.00289 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/08/28 11:50 a.m. · 20 views

CVE-2024-6450 Reflected XSS in HyperView Geoportal Toolkit

HyperView Geoportal Toolkit in versions lower than 8.5.0 is vulnerable to Reflected Cross-Site Scripting (XSS). An unauthenticated attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser...

5.3 CVSS · 0.00302 EPSS
Exploits: 0 · References: 2
CVE
added 2024/08/28 11:50 a.m. · 47 views

CVE-2024-6450

CVE-2024-6450 affects HyperView Geoportal Toolkit

6.1 CVSS · 6.1 AI score · 0.00302 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/08/20 2:15 p.m. · 2 views

CVE-2024-6379

A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

6.1 CVSS · 6 AI score
Exploits: 0 · References: 1