15781 matches found
PT-2025-43144
Name of the Vulnerable Software and Affected Versions librechat version 0.7.9 Description A flaw exists in danny-avila/librechat version 0.7.9 that permits HTML injection through the Accept-Language header. A logged-in user sending an HTTP GET request with a specially crafted Accept-Language head...
CVE-2025-61255
Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting XSS vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection...
CVE-2025-61255
CVE-2025-61255 is a cross-site scripting (XSS) vulnerability affecting the Bank Locker Management System by PHPGurukul, exploitable through the /search parameter where unsanitized input allows arbitrary HTML/JavaScript injection. This can lead to information disclosure and user redirection. The i...
CVE-2025-11925
Incorrect Content-Type header in one of the APIs (text/html instead of application/json replies) may potentially allow injection of HTML/JavaScript into the reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2025-34934
Incorrect Content-Type header in one of the APIs (text/html instead of application/json replies) may potentially allow injection of HTML/JavaScript into the reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-11925 Incorrect Content-Type Header
Incorrect Content-Type header in one of the APIs (text/html instead of application/json replies) may potentially allow injection of HTML/JavaScript into the reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
CVE-2025-11925
The CVE-2025-11925 issue affects Azure Access Technology BLU-IC2 and BLU-IC4 (through version 1.19.5). The root cause is an improperly set Content-Type header in an API response, sending text/html instead of application/json. This mismatch could allow injection of HTML/JavaScript into replies. Ex...
CVE-2025-62412
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...
EUVD-2025-34819
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability...
GHSA-67PX-R26W-598X bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...
CVE-2025-62412
LibreNMS (Alerts > Alert Rules) is affected by an HTML injection vulnerability in the alert rule name field due to improper sanitization, enabling cross-site scripting (XSS). The issue is fixed in version 25.10.0. Remediation: upgrade to 25.10.0 or newer. Root cause notes across sources descri...
CVE-2025-62412 LibreNMS alert-rules Cross-Site Scripting Vulnerability
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...
LibreNMS Security Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A security vulnerability exists in LibreNMS versions prior to 25.10.0, which stems from...
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...
GHSA-Q4W9-X3RV-4C8J Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...