205 matches found
CVE-2025-26159
CVE-2025-26159 affects Laravel Starter 11.11.0. The vulnerability is an XSS in the tags feature where any user who can create or modify tags can inject malicious JavaScript into the name field. The exact root cause and affected components are described in the connected documents as an XSS issue i...
CVE-2025-25427 XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page
A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web interface in TP-Link WR841N v14/v14.6/v14.8 = Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload...
CVE-2025-1983
CVE-2025-1983 describes an XSS in Ready_’s File Explorer upload: an attacker can inject JavaScript via the filename. The injected content is stored server-side and executes whenever a user interacts with the uploaded file. Connected sources (NVD and Red Hat CVEs) confirm the same description, ide...
CVE-2025-1983 Stored Cross-Site Scripting in Ready_
A cross-site scripting (XSS) vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...
CodeAstro Online Railway Reservation System 1.0 Cross Site Scripting
CodeAstro Online Railway Reservation System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0 Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link:...
CVE-2024-0640
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...
CVE-2024-0640
CVE-2024-0640 (Chatwoot) describes a stored XSS vulnerability in chatwoot/chatwoot versions 3.0.0 to 3.5.1. An admin can inject malicious JavaScript through the dashboard app settings, which can then be executed by another admin when they access the affected dashboard. The issue has been fixed in...
PT-2025-12295 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version v2.21.1 mudler/localai versions prior to v2.22.0 Description: The issue arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the executio...
Autodesk: Reflected XSS Vulnerability in SVG File at area-resources-stg.autodesk.com
A reflected cross-site scripting (XSS) vulnerability was found on files stored on an Autodesk AREA server. The vulnerability could have allowed an attacker to inject malicious JavaScript code when the files were viewed by users. Autodesk has fixed the vulnerability...
CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center
Stored Cross-Site Scripting (XSS) in Softdial Contact Center of Sytel Ltd. This vulnerability allows an attacker to upload XML files to the server with JavaScript code injected via the ‘/softdial/scheduler/save.php’ resource. The injected code will execute when the uploaded file is loaded via the...
Linux Distros Unpatched Vulnerability : CVE-2023-24538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template...
CVE-2024-28776
IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2025-0423 Multiple Unauthenticated Stored Cross-Site Scripting
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...
IBM Security Verify Access Cross-Site Scripting Vulnerability (CNVD-2025-06213)
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
CVE-2024-56463 IBM QRadar SIEM cross-site scripting
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-49792
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow - CVE-2024-52364
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID:CVE-2024-52364 DESCRIPTION: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2...
CVE-2024-49792 IBM ApplinX Cross-Site Scripting
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...