PT-2025-30683 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff. Description: A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality. A specially crafted HTTP request can lead to arbitrary JavaScript execution,...
PT-2025-30680 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4; WWBN AVideo dev master commit 8a8954ff. Description: A cross-site scripting (XSS) vulnerability exists due to the videoNotFound 404ErrorMsg parameter functionality. A specially crafted HTTP request can lead to arbitrary...
WWBN AVideo videosList page parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2206: WWBN AVideo videosList page parameter cross-site scripting (XSS) vulnerability. July 24, 2025. CVE Number: CVE-2025-53084. Summary: A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master...
WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2205: WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting (XSS) vulnerability. July 24, 2025. CVE Number: CVE-2025-46410. Summary: A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter...
WWBN AVideo cross-site scripting vulnerability
WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 14.4, which stems from the videoNotFound 404ErrorMsg parameter that is vulnerable to cross-site scripting attacks and could lead to the execution of arbitrar...
PT-2025-30677 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff. Description: A cross-site scripting (XSS) vulnerability exists due to the improper handling of the cancelUri parameter within the userLogin functionality. A specially crafted HTTP request...
WWBN AVideo LoginWordPress loginForm cancelUri parameter cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2208: WWBN AVideo LoginWordPress loginForm cancelUri parameter cross-site scripting (XSS) vulnerability. July 24, 2025. CVE Number: CVE-2025-36548. Summary: A cross-site scripting (XSS) vulnerability exists in the LoginWordPress loginForm cancelUri parameter...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown field in the info tab page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious content. Details: Cross-site scripting, or XSS, is a code...
PT-2025-30594
Name of the Vulnerable Software and Affected Versions: SMA100 series versions (affected versions not specified). Description: A reflected cross-site scripting (XSS) vulnerability exists in the web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code...
SonicWall SMA 100 Series cross-site scripting vulnerability
SonicWall SMA 100 Series is a series of remote access software from SonicWall Corporation. A cross-site scripting vulnerability exists in SonicWall SMA 100 Series that originates from reflective cross-site scripting and could lead to arbitrary JavaScript code execution...
CVE-2025-51462
Stored Cross-site Scripting (XSS) vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...
CVE-2025-8029
CVE-2025-8029: Thunderbird and Firefox products are affected by a vulnerability where javascript: URLs are executed when used inside object and embed tags. The impact list states affected versions include Firefox < 141 and Thunderbird < 141 (and ESR branches
CVE-2025-8029 javascript: URLs executed on object and embed tags
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
CVE-2025-8029
Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
Aim vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
GHSA-GMVV-RJ92-9W35 Aim vulnerable to Cross-site Scripting
Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
CVE-2025-51464
Cross-site Scripting (XSS) in aimhubio Aim 3.28.0 allows remote attackers to execute arbitrary JavaScript in victims' browsers via malicious Python code submitted to the /api/reports endpoint, which is interpreted and executed by Pyodide when the report is viewed. No sanitisation or sandbox...
Cross-site Scripting (XSS)
@nuxtjs/mdc is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of Markdown content caused by allowing injection of a tag, which can alter relative URL resolution and enable loading of external attacker-controlled resources, leading to arbitrary JavaScript...