Lucene search
+L

1501 matches found

Cvelist
Cvelist
added 2025/12/31 10:15 p.m.30 views

CVE-2025-67705 Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

6.1CVSS0.00193EPSS
Exploits0References1
OSV
OSV
added 2025/12/26 3:15 p.m.5 views

CVE-2025-36230

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/26 2:22 p.m.4 views

EUVD-2025-205439

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS6.1AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/26 2:22 p.m.32 views

CVE-2025-36230 XSS in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2025/12/18 2:15 p.m.6 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS5.8AI score0.00218EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/18 1:16 p.m.31 views

CVE-2025-40892 Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.5 views

PT-2025-52328

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the configuration of form validation rules. Successful...

5.4CVSS5.8AI score0.00143EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.6 views

PT-2025-52220

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

8.9CVSS5.2AI score0.00218EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2025/12/18 12:0 a.m.6 views

Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0

Summary A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. Impact An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineer...

8.9CVSS5.2AI score0.00218EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.10 views

PT-2025-51098

ShineLan-X contains a stored cross site scripting XSS vulnerability in the local configuration web server. The JavaScript code snippet can be inserted in the communication module’s settings center. This may allow attackers to force a legitimate user’s browser’s JavaScript engine to run malicious...

8.4CVSS5.7AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 3:30 p.m.5 views

EUVD-2025-203087

SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...

4.8CVSS5.8AI score0.00143EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.12 views

CVE-2025-64875

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.4AI score0.00173EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.8 views

CVE-2025-64585

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.12 views

CVE-2025-64572

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.5AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 7:1 p.m.5 views

CVE-2025-64614

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.6AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/10 9:31 p.m.5 views

EUVD-2025-202571

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/10 9:31 p.m.4 views

EUVD-2025-202564

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5AI score0.00214EPSS
Exploits0References2
OSV
OSV
added 2025/12/10 7:16 p.m.10 views

CVE-2025-64553

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.7AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/12/10 6:23 p.m.21 views

CVE-2025-64623

Adobe Experience Manager (AEM)

5.4CVSS5.1AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/10 6:23 p.m.33 views

CVE-2025-64853 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00173EPSS
Exploits0References1
Rows per page
Query Builder