5058 matches found

RedhatCVE
added 2025/06/01 6:35 a.m., 7 views

CVE-2025-48875

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...

CVSS 5.4, AI score 6.3, EPSS 0.00188
Exploits: 1, References: 1

NVD
added 2025/05/30 7:15 a.m., 8 views

CVE-2025-48875

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...

CVSS 5.4, EPSS 0.00188
Exploits: 1, References: 2

Vulnrichment
added 2025/05/30 6:26 a.m., 4 views

CVE-2025-48875 FreeScout Vulnerable to Stored XSS

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...

CVSS 4.6, AI score 6.2, EPSS 0.00188
Exploits: 1, References: 2

Positive Technologies
added 2025/05/30 12:00 a.m., 3 views

PT-2025-23423 · IBM · IBM Planning Analytics Local

Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.0 through 2.1 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

CVSS 5.5, AI score 6, EPSS 0.0011
Exploits: 0, References: 6

Hacker One
added 2025/05/29 11:34 a.m., 4 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████

A Cross-Site Scripting (XSS) vulnerability was identified in an ASP.NET web application. The issue arose from improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the conte...

AI score 6.2
Exploits: 0

Hacker One
added 2025/05/29 11:32 a.m., 4 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ████

A Cross-Site Scripting (XSS) vulnerability was identified in an ASP.NET web application. The issue was caused by improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed injection of arbitrary JavaScript payloads that executed in the...

AI score 6.2
Exploits: 0

NVD
added 2025/05/28 6:15 p.m., 8 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVSS 7.2, EPSS 0.00482
Exploits: 0, References: 2

NVD
added 2025/05/28 6:15 p.m., 8 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVSS 7.2, EPSS 0.00482
Exploits: 0, References: 2

OSV
added 2025/05/28 6:15 p.m., 2 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 2

OSV
added 2025/05/28 6:15 p.m., 2 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVSS 6.1, AI score 6.2
Exploits: 0, References: 2

Cvelist
added 2025/05/28 12:00 a.m., 10 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVSS 7.2, EPSS 0.00482
Exploits: 0, References: 2

Vulnrichment
added 2025/05/28 12:00 a.m., 7 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVSS 7.2, AI score 6.1, EPSS 0.00482
Exploits: 0, References: 2

CNNVD
added 2025/05/28 12:00 a.m., 2 views

Best Practical RT Cross-Site Scripting Vulnerability

Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 5.0 through 5.0.7, which stems from the injection of JavaScript into an asset name and could lead to cross-site scripting...

CVSS 7.2, AI score 5.9, EPSS 0.00482
Exploits: 0, References: 4

Cvelist
added 2025/05/28 12:00 a.m., 10 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVSS 7.2, EPSS 0.00482
Exploits: 0, References: 2

CVE
added 2025/05/28 12:00 a.m., 61 views

CVE-2025-31500

CVE-2025-31500 affects Best Practical RT (Request Tracker) 5.0–5.0.7, enabling cross-site scripting via JavaScript injection in an Asset name. The connected documents confirm the vulnerability and reference the RT 5.0.8 release, suggesting upgrading to 5.0.8 as remediation. No explicit exploit de...

CVSS 7.2, AI score 6.2, EPSS 0.00482
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2025/05/28 12:00 a.m., 16 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVSS 7.2, AI score 5, EPSS 0.00482
Exploits: 0

Drupal
added 2025/05/28 12:00 a.m., 10 views

EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072

This module addresses the General Data Protection Regulation (GDPR) and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...

CVSS 5, AI score 7, EPSS 0.00179
Exploits: 0, References: 2

Vulnrichment
added 2025/05/28 12:00 a.m., 8 views

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVSS 7.2, AI score 6.1, EPSS 0.00482
Exploits: 0, References: 2

Debian CVE
added 2025/05/28 12:00 a.m., 12 views

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVSS 7.2, AI score 5, EPSS 0.00482
Exploits: 0

CVE
added 2025/05/28 12:00 a.m., 61 views

CVE-2025-31501

Best Practical RT (Request Tracker) 5.0–5.0.7 is affected by an XSS vulnerability via JavaScript injection in an RT permalink. The issue is documented across multiple feeds as CVE-2025-31501 with exposure to remote users, and the impact described is cross-site scripting with low confidentiality/i...

CVSS 7.2, AI score 6.1, EPSS 0.00482
Exploits: 0, References: 2, Affected Software: 1