61 matches found
Microweber CMS security vulnerability
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflected cross-site scripting in the id parameter in the liveedit.modulesettings API endpoint, which could lead to arbitrary JavaScript...
Exploit for CVE-2025-51860
CVE-2025-51860 Vulnerability description TelegAI, a web...
CVE-2024-30114
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment...
WordPress plugin RRSSB cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...
WordPress Custom CSS, JS and PHP 2.4.1 CSRF / Remote Code Execution
WordPress Custom CSS, JS and PHP versions 2.4.1 and below suffer from a cross site request forgery vulnerability that leads to remote code execution...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Response Content-Type parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by manipulating the content type of responses. PoC...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the rex-api-result parameter. An attacker can execute arbitrary scripts in the context of the user's browser session by crafting a malicious URL that injects JavaScript into the web page. Details...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the webhook integration process. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting malicious payloads into the webhook settings. Details: Cross-site...
Advisory ROSA-SA-2025-2650
Software: webmin 2.105 WASP: ROSA-CHROME packageevrstring: webmin-2.105-1 CVE-ID: CVE-2022-3844 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in Webmin allows basic client-side scripting to be run via the xterm/index.cgi function. CVE-STATUS: The vulnerability has been resolved CVE-REV...
PT-2024-32901 · Tecnick · Tcexam
Name of the Vulnerable Software and Affected Versions: Tecnick TCExam (affected versions not specified). Description: The issue is related to Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. This can lead to the execution of malicious scripts on the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the toHTMLEx method due to improper input sanitization. An attacker can execute arbitrary JavaScript code by injecting malicious scripts into the input data processed by this method. Details: Cross-site...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows remote attackers to inject and execute arbitrary client-side scripting code within a...
Bosch Nexo cordless nutrunner security breach
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows remote attackers to inject and execute arbitrary client-side scripting code within a...
PT-2023-8136 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier. Description: The issue is related to a DOM-based Cross-site Scripting (XSS) vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...
BPC SmartVista cross-site scripting vulnerability
BPC SmartVista is an end-to-end solution for electronic payment systems. A security vulnerability exists in BPC SmartVista version 3.28.0, which stems from its handling of error messages and allows an attacker to execute JavaScript code on the client side...
WordPress plugin Checkout Files Upload for WooCommerce cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed using the PHP language. WordPress Checkout Files Upload for WooCommerce plugin 2.1.2 and previous versions contain a cross-site scripting vulnerability that stems from a lack of data...
Aruba ClearPass Policy Manager cross-site scripting vulnerability
Aruba ClearPass Policy Manager is an application from the U.S. company Aruba that provides a wireless network security access management system. Aruba ClearPass Policy Manager has a cross-site scripting vulnerability; an attacker can use the vulnerability to execute JavaScript code on the client side...
MediaWiki cross-site scripting vulnerability
MediaWiki is a web-based wiki engine from the MediaWiki Foundation in the United States. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 2022-04-29, which stems from an RSS...
FUEL CMS cross-site scripting vulnerability
FUEL CMS is a content management system (CMS) based on the CodeIgniter framework. Version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the web application. An attacker could exploit the vulnerability to...
DouCo DouPHP cross-site scripting vulnerability
DouPHP is a lightweight enterprise content management system (CMS) from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...