169 matches found

CNNVD
added 2025/05/05 12:00 a.m. · 2 views

Output Messenger security vulnerability

Output Messenger is an enterprise-grade instant messaging and collaboration software from Output Messenger, Inc. that provides secure internal communications, file sharing, screen sharing, and remote desktop control. A security vulnerability exists in Output Messenger versions prior to 2.0.63,...

CVSS 6.1 · AI score 8 · EPSS 0.00353
Exploits 0 · References 3
RedhatCVE
added 2025/04/25 10:48 p.m. · 12 views

CVE-2025-0757

Overview: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users (CWE-79). Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and...

CVSS 4.4 · AI score 6.7 · EPSS 0.0024
Exploits 0 · References 1
NVD
added 2025/03/11 10:15 a.m. · 7 views

CVE-2025-27494

A vulnerability has been identified in SiPass integrated AC5102 ACC-G2 All versions V6.4.9, SiPass integrated ACC-AP All versions V6.4.9. Affected devices improperly sanitize input for the pubkey endpoint of the REST API. This could allow an authenticated remote administrator to escalate privileg...

CVSS 9.4 · EPSS 0.00466
Exploits 0 · References 1
Snyk
added 2025/02/21 10:14 p.m. · 1 view

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the user details viewing functionality. An attacker can manipulate the Host header in HTTP requests to gain unauthorized access to view...

CVSS 8.8 · AI score 7
Exploits 0 · References 2
RedhatCVE
added 2025/02/09 12:27 a.m. · 10 views

CVE-2024-52882

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions...

CVSS 6.1 · AI score 6.6 · EPSS 0.00217
Exploits 0 · References 1
CVE
added 2025/02/07 12:00 a.m. · 79 views

CVE-2024-52882

CVE-2024-52882 affects AudioCodes One Voice Operations Center (OVOC) prior to 8.4.582. The issue stems from improper neutralization of input via the devices API, enabling an attacker to inject malicious JavaScript (XSS) that targets logged-in administrator sessions. Impact is limited to cross-sit...

CVSS 6.1 · AI score 6.7 · EPSS 0.00217
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2025/02/07 12:00 a.m. · 10 views

CVE-2024-52882

An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions...

AI score 6.2 · EPSS 0.00217
Exploits 0 · References 2
SUSE CVE
added 2025/02/05 3:48 a.m. · 2 views

SUSE CVE-2025-0825

cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables attackers to exploit CRLF injection that could further lead to HTTP Response Splitting, XSS, and more...

CVSS 5.3 · AI score 7.2 · EPSS 0.00377
Exploits 1 · References 3
Positive Technologies
added 2025/01/16 12:00 a.m. · 2 views

PT-2025-5187 · Pastebin · Pastebin

Name of the Vulnerable Software and Affected Versions: Pastebin versions n/a through 1.5. Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject maliciou...

CVSS 6.5 · AI score 9.1 · EPSS 0.00354
Exploits 0 · References 3
OSV
added 2025/01/14 6:16 p.m. · 1 view

CVE-2025-23366

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...

CVSS 4.8 · AI score 5.7 · EPSS 0.00426
Exploits 0 · References 5
ATTACKERKB
added 2025/01/14 6:16 p.m. · 4 views

CVE-2025-23366

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups...

CVSS 6.5 · AI score 5.4 · EPSS 0.00426
Exploits 0 · References 6
Positive Technologies
added 2025/01/13 12:00 a.m. · 2 views

PT-2025-1476 · Unknown · Selesta Visual Access Manager

The software that is vulnerable is Selesta Visual Access Manager, specifically versions less than 4.42.2. The vulnerability is a Cross-Site Scripting (XSS) vulnerability that can be exploited via the /common/autocomplete.php file. This vulnerability has been assigned the CVE identifier...

CVSS 6.1 · AI score 5.9 · EPSS 0.00224
Exploits 0 · References 5
OSV
added 2024/12/23 5:23 p.m. · 10 views

CVE-2024-56363 APTRS has SSTI vulnerability

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2...

CVSS 7.8 · AI score 7.5 · EPSS 0.00334
Exploits 0 · References 4
Snyk
added 2024/12/12 7:22 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the toHTMLEx method. An attacker can execute arbitrary JavaScript code by injecting malicious input. Details: Cross-site scripting, or XSS, is a code vulnerability that occurs when an attacker "injects" a...

CVSS 6.8 · AI score 5.4 · EPSS 0.00444
Exploits 0 · References 2
Cvelist
added 2024/11/20 12:00 a.m. · 12 views

CVE-2024-51209

Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter of the admin search invoice page and the client search invoice page...

EPSS 0.0026
Exploits 1 · References 2
OSV
added 2024/11/14 3:15 p.m. · 2 views

CVE-2024-11212

A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetchproductdetails.php. The manipulation of the argument barcode leads to sql injection. The attack may...

CVSS 8.8 · AI score 6.5 · EPSS 0.00645
Exploits 1 · References 5
Snyk
added 2024/07/11 5:40 p.m. · 3 views

Cross-site Scripting

Overview: org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...

CVSS 6.4 · AI score 5.6 · EPSS 0.00466
Exploits 0 · References 2
Vulnrichment
added 2024/06/26 10:41 p.m. · 16 views

CVE-2024-28984 Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin interface...

CVSS 8.8 · AI score 6.8 · EPSS 0.00254
Exploits 0 · References 1
NVD
added 2024/06/17 4:15 a.m. · 9 views

CVE-2024-6046

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Exploits 0
CNNVD
added 2024/04/25 12:00 a.m. · 0 views

Employee Task Management System SQL injection vulnerability

Employee Task Management System is an employee task management application developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Employee Task Management System v1.0, which is vulnerable to SQL injection via admin-manage-user.php...

CVSS 8.8 · AI score 8 · EPSS 0.00669
Exploits 1 · References 2