5930 matches found
CVE-2025-36548
A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-46993
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-36548
A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-46410
A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to...
CVE-2025-41420
A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-41420
A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-47061 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47061 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46410
A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to...
CVE-2025-46410
CVE-2025-46410 affects WWBN AVideo 14.4 and dev master commit 8a8954ff. Talos reports a reflected XSS in managerPlaylists.php via the PlaylistOwnerUsersId parameter due to insufficient input sanitization, enabling arbitrary Javascript execution when a user visits a crafted page. The vulnerability...
CVE-2025-46410
A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to...
CVE-2025-53084
CVE-2025-53084 affects WWBN AVideo 14.4 and the dev master commit 8a8954ff. Talos reports a reflected XSS in the videosList.php page parameter handling (parameter: page) due to missing sanitization, enabling arbitrary JavaScript execution when a user visits a crafted page. The vulnerability is ex...
CVE-2025-53084
A cross-site scripting xss vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabili...
CVE-2025-50128
Cisco Talos reports a cross-site scripting (XSS) vulnerability in WWBN AVideo 14.4 and the dev master commit 8a8954ff, affecting the videoNotFound.php 404ErrorMsg parameter. A specially crafted HTTP request can cause arbitrary Javascript execution when a user visits a crafted page, enabling poten...
CVE-2025-36548
A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-36548
A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...
CVE-2025-36548
WWBN AVideo 14.4 and dev master commit 8a8954ff are vulnerable to a reflected XSS via the loginForm cancelUri parameter. A crafted HTTP request can cause arbitrary JavaScript execution when a user visits a malicious page. TALOS reports the vulnerability and notes vendor patches were released; rem...
CVE-2025-41420
A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
CVE-2025-41420
CVE-2025-41420 concerns WWBN AVideo 14.4 and the dev master commit 8a8954ff, where the PHP file view/userLogin.php mishandles the cancelUri parameter. This causes a reflected cross-site scripting (XSS) vulnerability: a specially crafted HTTP request can cause arbitrary Javascript execution when a...
CVE-2025-51462
Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...