Cross-site Scripting (XSS)

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the node labels which were introduced in 734bde3. An attacker can execute arbitrary...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details Cross-sit...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

Linux Distros Unpatched Vulnerability : CVE-2022-24728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all...

CVE-2025-8910

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

CVE-2025-55346 Unintended dynamic code execution leads to remote code execution by network attackers

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

CVE-2025-45315

A cross-site scripting XSS vulnerability in the /controller/admin.php endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the email parameter...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-8911

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-8911

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-8910

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-8911 WellChoose｜Organization Portal System - Reflected Cross-site Scripting

Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-8911

CVE-2025-8911 concerns WellChoose’s Organization Portal System, which is affected by a reflected XSS vulnerability. The issue allows unauthenticated attackers to cause arbitrary JavaScript execution in a user’s browser via phishing-style input. Public references across CNVD/NVD/Red Hat and others...

CVE-2025-8910

CVE-2025-8910 affects WellChoose Organization Portal System. The connected sources describe a Reflected Cross-Site Scripting (XSS) vulnerability that enables unauthenticated attackers to execute arbitrary JavaScript in a user’s browser via phishing. The issue is widely reported across NVD, Red Ha...

WellChoose Organization Portal System 跨站脚本漏洞

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a cross-site scripting vulnerability that originates from the application's lack of effective filtering and escaping of...

CVE-2025-54800 Hydra persistent XSS in build metrics

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

📄 Anchor CMS 0.12.7 Cross Site Scripting

Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability. Anchor CMS v0.12.7 - Stored XSS CVE-2025-46041 Anchor CMS v0.12.7 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the description field of the /admin/pages/add interface. CVE ID...

ALSA-2025:13676 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird: Incorrect URL stripping in CSP reports CVE-2025-80...