5930 matches found

CNNVD
added 2025/08/22 12:00 a.m. | 4 views

EHCP Easy Hosting Control Panel Security Vulnerability

EHCP Easy Hosting Control Panel is an open source web hosting control panel from EHCP. A security vulnerability exists in EHCP Easy Hosting Control Panel version 20.04.1.b. The vulnerability stems from a reflected cross-site scripting vulnerability in the template parameter of the Change Template...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00079
Exploits: 3 | References: 4

Cvelist
added 2025/08/22 12:00 a.m. | 7 views

CVE-2025-50733

NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

EPSS: 0.00046
Exploits: 0 | References: 2

NVD
added 2025/08/21 8:15 p.m. | 5 views

CVE-2025-55104

A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute ...

CVSS: 4.8 | EPSS: 0.00046
Exploits: 0 | References: 1

OSV
added 2025/08/21 8:15 p.m. | 2 views

CVE-2025-55104

A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute ...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00046
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/21 7:29 p.m. | 3 views

CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject a malicious file with an embedded XSS script which, when loaded, could potentially execute arbitrary JavaScript code in th...

CVSS: 4.8 | AI score: 7 | EPSS: 0.00041
Exploits: 0 | References: 1

OSV
added 2025/08/21 4:15 p.m. | 1 view

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00229
Exploits: 1 | References: 1

NVD
added 2025/08/21 4:15 p.m. | 4 views

CVE-2025-55420

A Reflected Cross Site Scripting (XSS) vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVSS: 8.8 | EPSS: 0.00229
Exploits: 1 | References: 1

RedhatCVE
added 2025/08/21 12:26 a.m. | 15 views

CVE-2025-51489

A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00054
Exploits: 2 | References: 1

CVE
added 2025/08/21 12:00 a.m. | 16 views

CVE-2025-55420

FoxCMS v1.2.6 is affected by a Reflected XSS in the /index.php endpoint. The issue stems from unsanitized reflection of a crafted script via a GET request, enabling execution of arbitrary JavaScript when a logged-in user submits the malicious input. CVSSv3.1 base score 8.8 (HIGH) with NETWORK att...

CVSS: 8.8 | AI score: 6.1 | EPSS: 0.00229
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2025/08/21 12:00 a.m. | 3 views

FoxCMS Security Vulnerability

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.6, which stems from a reflective cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00229
Exploits: 1 | References: 2

Snyk
added 2025/08/20 9:30 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the definition parameter of the Dynamic Data Mapping portlet. An authenticated attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious request and tricking a use...

CVSS: 5.4 | AI score: 5.2 | EPSS: 0.00041
Exploits: 0 | References: 2

RedhatCVE
added 2025/08/20 5:33 p.m. | 10 views

CVE-2025-55287

Genealogy is a family tree PHP application. Prior to 4.4.0, an Authenticated Stored Cross-Site Scripting (XSS) vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI...

CVSS: 8 | AI score: 6.5 | EPSS: 0.00058
Exploits: 1 | References: 1

NVD
added 2025/08/20 5:15 p.m. | 8 views

CVE-2025-46998

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS: 5.4 | EPSS: 0.00056
Exploits: 0 | References: 1

OSV
added 2025/08/20 5:15 p.m. | 2 views

CVE-2025-46932

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS: 5.4 | AI score: 5.7
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/20 12:53 p.m. | 4 views

CVE-2025-54175 Reflected Cross-Site Scripting in QuickCMS.EXT

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...

CVSS: 4.6 | AI score: 6.3 | EPSS: 0.00075
Exploits: 0 | References: 2

CVE
added 2025/08/20 12:52 p.m. | 18 views

CVE-2025-54172

CVE-2025-54172 affects QuickCMS. The vulnerability is a Stored XSS in the sTitle parameter of the page editor. An attacker with admin privileges can inject arbitrary HTML/JS that will be rendered when visiting the edited page; regular admin users cannot inject scripts. Only version 6.8 was teste...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00048
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/08/20 8:15 a.m. | 7 views

CVE-2025-9225

Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

CVSS: 5.5 | EPSS: 0.00082
Exploits: 0 | References: 2

Veracode
added 2025/08/20 6:34 a.m. | 3 views

Reflected Cross Site Scripting (XSS)

microweber/microweber is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is due to improper validation of the layout parameter on the /admin/page/create page, which allows arbitrary JavaScript execution in the context of authenticated admin users...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00218
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/08/20 12:00 a.m. | 4 views

Mobile Industrial Robots MiR Robots Security Vulnerability

Mobile Industrial Robots MiR Robots is an autonomous mobile robot from Mobile Industrial Robots, Denmark. A security vulnerability exists in Mobile Industrial Robots MiR Robots versions prior to 3.0.0, which originates from stored cross-site scripting and could lead to the execution of arbitrary...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00082
Exploits: 0 | References: 4

Positive Technologies
added 2025/08/20 12:00 a.m. | 4 views

PT-2025-34052

Name of the Vulnerable Software and Affected Versions: QuickCMS.EXT version 6.8; QuickCMS.EXT affected versions not specified. Description: QuickCMS.EXT is susceptible to a Reflected Cross-Site Scripting (XSS) issue within the thumbnail viewer functionality. An attacker can create a malicious URL tha...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00075
Exploits: 0 | References: 6