4739 matches found

NVD
added 2025/04/30 1:15 p.m. · 16 views

CVE-2025-45007

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter...

CVSS 4.8 · EPSS 0.00097
Exploits: 1 · References: 1

CVE
added 2025/04/30 12:0 a.m. · 63 views

CVE-2025-45007

CVE-2025-45007 affects PHPGurukul Timetable Generator System v1.0, via the profile.php file. The vulnerability is a reflected Cross-Site Scripting (XSS) where the adminname parameter in a POST request can cause arbitrary JavaScript execution. Impact is consistent with a reflected XSS allowing scr...

CVSS 4.8 · AI score 6.2 · EPSS 0.00097
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2025/04/30 12:0 a.m. · 8 views

CVE-2025-45007

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter...

AI score 6.3 · EPSS 0.00097
Exploits: 1 · References: 1

Vulnrichment
added 2025/04/29 3:41 p.m. · 4 views

CVE-2025-1551 IBM Operational Decision Manager cross-site scripting

IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVSS 6.1 · AI score 6.1 · EPSS 0.00087
Exploits: 0 · References: 1

CVE
added 2025/04/29 3:41 p.m. · 58 views

CVE-2025-1551

IBM Operational Decision Manager (ODM) versions 8.11.0.1, 8.11.1.0, 8.12.0.1, and 9.0.0.1 are affected by a cross-site scripting vulnerability. An unauthenticated attacker can embed arbitrary JavaScript in the Web UI, potentially exposing credentials within a trusted session. IBM’s bulletin lists...

CVSS 6.1 · AI score 6 · EPSS 0.00087
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2025/04/29 3:40 p.m. · 50 views

CVE-2025-40615

CVE-2025-40615 concerns Bookgy, a booking system where a reflected Cross-Site Scripting (XSS) vulnerability exists in the /api/api_ajustes.php endpoint via the TEXTO parameter. The underlying issue is a reflected XSS flaw that can cause a user’s browser to execute attacker-supplied JavaScript whe...

CVSS 6.1 · AI score 5.6 · EPSS 0.00268
Exploits: 0 · References: 1 · Affected Software: 1

NVD
added 2025/04/29 12:15 p.m. · 11 views

CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

CVSS 6.1 · EPSS 0.00204
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/29 12:0 a.m. · 4 views

PT-2025-18173 · Bookgy · Bookgy

Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified
Description: A Reflected Cross-Site Scripting (XSS) issue allows an attacker to execute JavaScript code in the victim's browser. This is achieved by sending a malicious URL through the TEXTO parameter in t...

CVSS 5.1 · AI score 5.7 · EPSS 0.00268
Exploits: 0 · References: 6

NVD
added 2025/04/25 12:15 p.m. · 13 views

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.5 · EPSS 0.00168
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/25 12:0 a.m. · 3 views

PT-2025-17900 · Ibm · Ibm Maximo Asset Management

Name of the Vulnerable Software and Affected Versions: IBM Maximo Asset Management version 7.6.1.3
Description: The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trust...

CVSS 5.5 · AI score 5.3 · EPSS 0.00168
Exploits: 0 · References: 6

GithubExploit
added 2025/04/23 9:26 a.m. · 245 views

Exploit for CVE-2025-32965

This is a PoC exploit for CVE-2025-32965, a supply chain attack...

CVSS 9.3 · AI score 6.7 · EPSS 0.00309
Exploits: 2

BDU FSTEC
added 2025/04/23 12:0 a.m. · 1 views

The server for managing Fortinet FortiClient Enterprise Management Server is vulnerable. This vulnerability stems from the lack of security measures taken to protect the website structure, allowing attackers to send messages containing JavaScript code.

The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS server exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to send messages containing JavaScript code via a specially created link...

CVSS 4 · AI score 8.1 · EPSS 0.00115
Exploits: 0 · References: 5 · Affected Software: 1

CVE
added 2025/04/22 5:45 p.m. · 47 views

CVE-2025-32960

The CVE-2025-32960 vulnerability affects the CUBA REST API add-on prior to 7.2.7, where the input parameter (file path and name) can be manipulated to cause the server to return Content-Type: text/html for names ending in .html, enabling execution of malicious JavaScript in the browser after an a...

CVSS 6.4 · AI score 6.3 · EPSS 0.00383
Exploits: 0 · References: 5

OSV
added 2025/04/22 4:59 p.m. · 5 views

GHSA-88H5-34XW-2Q56 XSS in the /files Endpoint of the Generic REST API

Impact: The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...

CVSS 6.4 · AI score 6.7 · EPSS 0.00383
Exploits: 0 · References: 7

CVE
added 2025/04/22 12:0 a.m. · 85 views

CVE-2025-26159

CVE-2025-26159 affects Laravel Starter 11.11.0. The vulnerability is an XSS in the tags feature where any user who can create or modify tags can inject malicious JavaScript into the name field. The exact root cause and affected components are described in the connected documents as an XSS issue i...

CVSS 6.1 · AI score 5.8 · EPSS 0.00236
Exploits: 0 · References: 2

Positive Technologies
added 2025/04/22 12:0 a.m. · 3 views

PT-2025-17590 · Unknown · Laravel Starter

Name of the Vulnerable Software and Affected Versions: Laravel Starter version 11.11.0
Description: The issue concerns Cross Site Scripting (XSS) in the tags feature. Users who can create or modify tags can inject malicious JavaScript code into the name field.
Recommendations: For Laravel Starter...

CVSS 6.1 · AI score 5.1 · EPSS 0.00236
Exploits: 0 · References: 8

CVE
added 2025/04/18 12:3 a.m. · 71 views

CVE-2025-25427

Stored XSS vulnerability CVE-2025-25427 in TP-Link WR841N web interface (upnp.htm) allows injection of arbitrary JavaScript via the port mapping description. Impact: payload executes when the upnp page loads. Affected: WR841N v14/v14.6/v14.8

CVSS 8.6 · AI score 5.6 · EPSS 0.02243
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2025/04/18 12:3 a.m. · 23 views

CVE-2025-25427 XSS in TP-Link TL-WR841N v14/v14.6/v14.8 Upnp page

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload...

CVSS 8.6 · EPSS 0.02243
Exploits: 1 · References: 3

Tenable Nessus
added 2025/04/17 12:0 a.m. · 9 views

Azure Linux 3.0 Security Update: rabbitmq-server (CVE-2025-30219)

The version of rabbitmq-server installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30219 advisory. - RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a...

CVSS 6.1 · AI score 6.8 · EPSS 0.00023
Exploits: 0 · References: 2

CVE
added 2025/04/16 12:36 p.m. · 53 views

CVE-2025-1983

CVE-2025-1983 describes an XSS in Ready_’s File Explorer upload: an attacker can inject JavaScript via the filename. The injected content is stored server-side and executes whenever a user interacts with the uploaded file. Connected sources (NVD and Red Hat CVEs) confirm the same description, ide...

CVSS 5.1 · AI score 5.7 · EPSS 0.00387
Exploits: 0 · References: 3