Positive Technologies
added 2025/11/19 12:0 a.m., 7 views

PT-2025-47456

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

CVSS 4.7, AI score 6.9, EPSS 0.00184
Exploits: 0, References: 2
CNNVD
added 2025/11/19 12:0 a.m., 5 views

Shopside App security vulnerability

Shopside App is a shopping application by Shopside Turkey. A security vulnerability exists in Shopside App 05022025 and earlier versions, which stems from improper restriction of the rendering UI layer or frame, which may result in an iFrame override...

CVSS 4.7, AI score 6.7, EPSS 0.00184
Exploits: 0, References: 1
RedhatCVE
added 2025/11/14 10:1 p.m., 8 views

CVE-2025-64747

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5, AI score 6, EPSS 0.0021
Exploits: 1, References: 1
EUVD
added 2025/11/14 9:45 p.m., 3 views

EUVD-2025-177203

Directus is Vulnerable to Stored Cross-site Scripting...

CVSS 5.5, AI score 5.8, EPSS 0.0021
Exploits: 1, References: 3
OSV
added 2025/11/14 9:45 p.m., 4 views

GHSA-VV2V-PW69-8CRF Directus is Vulnerable to Stored Cross-site Scripting

Summary A stored cross-site scripting XSS vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy CSP restrictions by combining file uploads with iframe srcdo...

CVSS 5.5, AI score 5.7, EPSS 0.0021
Exploits: 1, References: 4
Github Security Blog
added 2025/11/14 9:45 p.m., 8 views

Directus is Vulnerable to Stored Cross-site Scripting

Summary A stored cross-site scripting XSS vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy CSP restrictions by combining file uploads with iframe srcdo...

CVSS 5.5, AI score 5.8, EPSS 0.0021
Exploits: 1, References: 4, Affected Software: 1
Snyk
added 2025/11/13 9:58 p.m., 2 views

Cross-site Scripting (XSS)

Overview @directus/app is an App dashboard for Directus Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Block Editor interface when users with upload files and edit item permissions inject malicious JavaScript. An attacker can execute arbitrary scripts in the...

CVSS 5.5, AI score 5.4, EPSS 0.0021
Exploits: 1, References: 2
Vulnrichment
added 2025/11/13 9:13 p.m., 3 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5, AI score 5.5, EPSS 0.0021
Exploits: 1, References: 2
Cvelist
added 2025/11/13 9:13 p.m., 8 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5, EPSS 0.0021
Exploits: 1, References: 2
OSV
added 2025/11/13 9:13 p.m., 4 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5, AI score 5.9, EPSS 0.0021
Exploits: 1, References: 4
CVE
added 2025/11/12 8:58 a.m., 17 views

CVE-2025-64401

Apache OpenOffice is affected by a vulnerability where documents with floating frames linked to external files can load external content without user permission. Root cause: missing Authorization to load external links. Affected versions: Apache OpenOffice up to 4.1.15. Impact: loading external f...

CVSS 7.5, AI score 5.5, EPSS 0.00824
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/11/08 12:55 a.m., 16 views

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

CVSS 6.1, AI score 6, EPSS 0.00232
Exploits: 1, References: 1
EUVD
added 2025/11/07 6:30 p.m., 4 views

EUVD-2025-38263

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

AI score 5.5, EPSS 0.00232
Exploits: 1, References: 3
NVD
added 2025/11/07 5:15 p.m., 8 views

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

CVSS 6.1, EPSS 0.00232
Exploits: 1, References: 2
OSV
added 2025/11/07 5:15 p.m., 4 views

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

CVSS 6.1, AI score 6, EPSS 0.00232
Exploits: 1, References: 2
Cvelist
added 2025/11/07 12:0 a.m., 6 views

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

EPSS 0.00232
Exploits: 1, References: 2
Vulnrichment
added 2025/11/07 12:0 a.m., 2 views

CVE-2025-63785

A DOM-based Cross-Site Scripting XSS vulnerability exists in the text editor feature of the Onlook web application 0.2.32. This vulnerability occurs because user-supplied input is not properly sanitized before being directly injected into the DOM via innerHTML when editing a text element. An...

AI score 5.6, EPSS 0.00232
Exploits: 1, References: 2
CVE
added 2025/11/07 12:0 a.m., 18 views

CVE-2025-63785

CVE-2025-63785 affects the Onlook web application (version 0.2.32) in its text editor feature. The root cause is unsafe handling of user input: input is not sanitized before being injected into the DOM via innerHTML when editing a text element, enabling a DOM-based XSS attack. Exploitation would ...

CVSS 6.1, AI score 5.7, EPSS 0.00232
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2025/11/05 12:0 a.m., 5 views

Liferay Portal 7.2.0 < 7.4.3.112 XSS

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal allows remote attackers to inject arbitrary web script or HTML via a crafted iframe injected into a blog entry's 'Content' text field. The Blogs widget does not add the sandbox attribute to iframe elements, which allows remote attacke...

CVSS 5.4, AI score 5.4, EPSS 0.00201
Exploits: 0, References: 2
RedhatCVE
added 2025/10/31 7:16 p.m., 5 views

CVE-2025-62265

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

CVSS 5.4, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 1