Citizen vulnerable to Stored XSS through short descriptions
Summary Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...
GHSA-PRMV-7R8C-794G Citizen vulnerable to Stored XSS through short descriptions
Summary Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...
Cross-site Scripting (XSS)
github.com/gogs/gogs is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the inclusion of an outdated version of pdfjs v1.4.20 that allows client-side JavaScript execution...
CVE-2025-40733
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
Stored Cross-site Scripting (XSS)
File Browser is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of Markdown content, allowing JavaScript code in uploaded Markdown files to be executed by the browser...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : yelp (SUSE-SU-2025:02170-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02170-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files...
CVE-2025-40734
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40734 Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40733
CVE-2025-40733 is a reflected XSS vulnerability in Daily Expense Manager v1.0. The issue arises from insufficient filtering/escaping of user-supplied data in the POST parameter username of /login.php, allowing an attacker to execute JavaScript when a user interacts with the login flow. Multiple s...
CVE-2025-40733 Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
SUSE-SU-2025:02170-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
Security update for yelp
This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02169-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02168-1 Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
PT-2025-27426 · Unknown · Daily Expense Manager
Name of the Vulnerable Software and Affected Versions: Daily Expense Manager version 1.0 Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability that allows an attacker to execute JavaScript code. This is achieved by sending a POST request through the password and confirm...
The vulnerability in the online business analytics web interface of IBM Cognos Analytics allows a perpetrator to execute arbitrary JavaScript code and expose account information.
The vulnerability of the online business analytics web interface of IBM Cognos Analytics relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and disclose user credentials...
CVE-2025-52902
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a...