6 matches found
CVE-2025-60646
A stored cross-site scripting XSS in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2025-60646
A stored cross-site scripting XSS in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2025-60646
A stored cross-site scripting XSS in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2025-60646
A stored cross-site scripting XSS in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...
CVE-2025-60646
CVE-2025-60646 is a stored cross-site scripting (XSS) vulnerability in the Business Line Management module of Xxl-api v1.3.0. The issue arises from user-controllable input in the Name parameter, enabling an attacker to inject arbitrary web scripts or HTML. Affected software: Xxl-api (Business Lin...
PT-2025-46688
Name of the Vulnerable Software and Affected Versions Xxl-api version 1.3.0 Description A stored cross-site scripting XSS issue exists in the Business Line Management module. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name parameter...