5930 matches found

Vulnrichment
added 2025/09/03 2:33 p.m., 1 views

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

Summary: A Cross-Site Scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8, AI score 5.1, EPSS 0.00088
Exploits: 0, References: 1

RedhatCVE
added 2025/09/03 3:27 a.m., 3 views

CVE-2025-9569

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS 6.1, AI score 7.2, EPSS 0.00069
Exploits: 0, References: 1

RedhatCVE
added 2025/09/03 3:27 a.m., 4 views

CVE-2025-9568

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS 6.1, AI score 7.2, EPSS 0.00069
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/03 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...

CVSS 6.1, AI score 6.3, EPSS 0.00978
Exploits: 1, References: 2

CVE
added 2025/09/02 12:0 a.m., 13 views

CVE-2025-55474

Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS) via Markdown rendering, allowing JavaScript execution when viewed. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (base 6.1, MEDIUM). Connected sources reference a potential fix in v0.10.2, but explicit remediation details are n...

CVSS 6.1, AI score 6.2, EPSS 0.00059
Exploits: 1, References: 3, Affected Software: 1

Positive Technologies
added 2025/09/02 12:0 a.m., 2 views

PT-2025-35585

Name of the Vulnerable Software and Affected Versions: Many Notes version 0.10.1 Description: Many Notes version 0.10.1 is susceptible to Cross Site Scripting (XSS). This allows malicious Markdown files to execute JavaScript when viewed. Recommendations: At the moment, there is no information about...

CVSS 6.1, AI score 6, EPSS 0.00059
Exploits: 1, References: 6

CVE
added 2025/09/01 2:32 a.m., 14 views

CVE-2025-9567

CVE-2025-9567 affects Sunnet’s eHRD CTMS (the eHRD platform) and is described as a Reflected Cross-site Scripting vulnerability. The vulnerability allows unauthenticated remote attackers to cause arbitrary JavaScript execution in a user’s browser via phishing-type vectors. Technical details acros...

CVSS 6.1, AI score 6.6, EPSS 0.00069
Exploits: 0, References: 2, Affected Software: 1

RedhatCVE
added 2025/08/30 6:21 p.m., 3 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting (XSS) vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload, an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

CVSS 6.1, AI score 6, EPSS 0.00095
Exploits: 1, References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-33192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena...

CVSS 6.1, AI score 6.6, EPSS 0.03378
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-6033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and...

CVSS 8.7, AI score 6.5, EPSS 0.01241
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-41165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all...

CVSS 8.2, AI score 6.6, EPSS 0.00106
Exploits: 0, References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-42890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics...

CVSS 7.5, AI score 7.2, EPSS 0.00541
Exploits: 0, References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execut...

CVSS 7.1, AI score 7.1, EPSS 0.01158
Exploits: 0, References: 2

OSV
added 2025/08/28 11:15 a.m., 3 views

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

CVSS 4.8, AI score 5.8, EPSS 0.00076
Exploits: 0, References: 2

CVE
added 2025/08/27 9:19 p.m., 16 views

CVE-2025-34521

CVE-2025-34521 – Arcserve UDP XSS : A reflected cross-site scripting vulnerability exists in the Arcserve Unified Data Protection web interface, where unsanitized input is reflected in HTTP responses. This can allow remote attackers with low privileges to craft malicious links that, when a user v...

CVSS 5.4, AI score 6, EPSS 0.00044
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2025/08/27 5:15 p.m., 1 views

CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...

CVSS 6.1, EPSS 0.00113
Exploits: 1, References: 1

Vulnrichment
added 2025/08/27 10:19 a.m., 1 views

CVE-2025-30036 Stored XSS permitting session takeover of arbitrary user

Stored XSS vulnerability exists in the "Oddział" Ward module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights...

CVSS 8.8, AI score 6.5, EPSS 0.00052
Exploits: 0, References: 1

CVE
added 2025/08/27 10:19 a.m., 12 views

CVE-2025-30036

CVE-2025-30036 describes a stored XSS in the Oddział (Ward) module, within the death diagnosis description field. The flaw permits execution of arbitrary JavaScript, which can cause session hijacking of other users and potentially escalate privileges up to full admin rights. The provided metrics ...

CVSS 8.8, AI score 5.8, EPSS 0.00052
Exploits: 0, References: 1

Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-39906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...

CVSS 8.7, AI score 7.3, EPSS 0.01
Exploits: 0, References: 2

CNVD
added 2025/08/27 12:0 a.m., 1 views

esri Portal for ArcGIS Enterprise Sites Cross-Site Scripting Vulnerability (CNVD-2025-21186)

esri Portal for ArcGIS Enterprise Sites is an enterprise-level geographic information sharing platform from ESRI that allows users within an organization to view, edit, and share geographic information through the portal. A cross-site scripting vulnerability exists in esri Portal for ArcGIS...

CVSS 4.8, AI score 6.9, EPSS 0.00041
Exploits: 0, References: 1