7 matches found
CVE-2025-41089 Reflected Cross-Site Scripting (XSS) in CMS
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
EUVD-2025-33693
Reflected Cross-Site Scripting XSS in Xibo CMS v4.1.2 from Xibo Signage, due to a lack of proper validation of user input. To exploit the vulnerability, the attacker must create a template in the 'Templates' section, then add an element that has the 'Configuration Name' field, such as the 'Clock'...
Cross Site Scripting (XSS)
org.opencrx: opencrx-core-models is vulnerable to HTML Injection. The vulnerability is due to a lack of proper input sanitization in the Product Configuration Name Field. This allows an attacker to inject malicious HTML into the application...
Cross-site Scripting in OpenCRX
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
Design/Logic Flaw
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...
CVE-2023-40817
OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field...