CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web...

CVE-2025-0054 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web...

CVE-2025-0054

CVE-2025-0054 describes a stored cross-site scripting vulnerability in SAP NetWeaver Application Server Java caused by insufficient input handling. Attackers with basic user privileges can store a JavaScript payload on the server, which may be executed in other users’ browsers when affected pages...

CVE-2025-1175

Reflected Cross-Site Scripting XSS vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’...

CVE-2025-1175 Cross-Site Scripting (XSS) vulnerability in Kelio Visio

Reflected Cross-Site Scripting XSS vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’...

CVE-2025-1175

The vulnerability CVE-2025-1175 is a Reflected Cross-Site Scripting (XSS) in Kelio Visio 1, Kelio Visio X7, and Kelio Visio X4, affecting versions 3.2C through 5.1K. The issue occurs in the editable ‘username’ parameter of the endpoint "/PageLoginVisio.do" and can be triggered by a POST request t...

CVE-2025-1076

A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVE-2025-1076

A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVE-2025-1076

CVE-2025-1076 describes a Stored XSS vulnerability in Holded’s application, affecting the editable name and icon fields within the Activities feature. The root cause is storing a JavaScript payload in those parameters, enabling an attacker to inject script via standard input fields. The issue is ...

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVE-2025-1076 Stored Cross-Site Scripting vulnerability in Holded

A Stored Cross-Site Scripting Stored XSS vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality...

CVE-2024-45856

A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...

CVE-2024-40626

Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting XSS vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...

CVE-2025-22917

A reflected cross-site scripting XSS vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

CVE-2025-22917

A reflected cross-site scripting XSS vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

LinkAce 安全漏洞

LinkAce is a self-hosted archive of links to your favorite websites by Kevin Woblick Personal Developer. A security vulnerability exists in LinkAce versions prior to 1.15.6. An attacker exploiting this vulnerability could upload a malicious HTML file containing a JavaScript payload...

CVE-2024-36498

Image Access Scan2Net (Image Access Germany) is affected by a stored XSS vulnerability in the configuration menu’s Edit Disclaimer Text function due to missing input sanitization. The stored JavaScript payload executes in users’ browsers (including kiosk mode) when the ScanWizard loads. A fix was...

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT. The campaign, dubbed Horns &Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end...

New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia

In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to...

SofaWiki 3.9.2 Cross Site Scripting Vulnerability

Exploit Title: SofaWiki 3.9.2 - Stored XSS Authenticated Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A stored XSS exists in SofaWiki's Open Ticket feature. An...