Linux Distros Unpatched Vulnerability : CVE-2019-10066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through...

Linux Distros Unpatched Vulnerability : CVE-2017-12980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that us...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...

Linux Distros Unpatched Vulnerability : CVE-2019-10067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker wh...

Lunary 跨站脚本漏洞

lunary is lunary open source a production toolkit for LLM. A cross-site scripting vulnerability exists in lunary, which stems from the presence of stored cross-site scripting in the Analytics component that could lead to arbitrary JavaScript execution. No detailed vulnerability details are provid...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...

CVE-2025-50859

Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. Details Cross-sit...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. Details Cross-sit...

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

CVE-2025-9225

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getSuccessMessage field in the embedded message form container. An attacker can execute arbitrary JavaScript in the context of the affected application by submitting crafted input to this field. Details...

CVE-2025-50733

NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...

NextChat 安全漏洞

NextChat is a NextChat open source project for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat that stems from the HTMLPreview component not properly cleaning up user-influenced HTML, which could lead to the execution of arbitrary JavaScript code...

EHCP Easy Hosting Control Panel 安全漏洞

EHCP Easy Hosting Control Panel is an open source web hosting control panel from EHCP. A security vulnerability exists in EHCP Easy Hosting Control Panel version 20.04.1.b. The vulnerability stems from a reflected cross-site scripting vulnerability in the template parameter of the Change Template...

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

CVE-2025-55104

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

CVE-2025-55104

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...