4739 matches found

Cvelist
added 2025/04/16 12:36 p.m. | 13 views

CVE-2025-1983 Stored Cross-Site Scripting in Ready_

A cross-site scripting (XSS) vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

CVSS 5.1 | EPSS 0.00387
Exploits: 0 | References: 3
BDU FSTEC
added 2025/04/16 12:0 a.m. | 1 views

The vulnerability of the E-Staff automated recruitment process system, related to errors in data filtering in document display functions, allows a perpetrator to execute arbitrary JavaScript code.

The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering in document display functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

CVSS 9.6 | AI score 5.9
Exploits: 0
RedhatCVE
added 2025/04/15 12:16 p.m. | 13 views

CVE-2025-3423

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 6.5 | EPSS 0.00214
Exploits: 0 | References: 1
NVD
added 2025/04/14 9:15 p.m. | 13 views

CVE-2022-43850

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | EPSS 0.00214
Exploits: 0 | References: 1
NVD
added 2025/04/13 12:15 p.m. | 18 views

CVE-2025-3423

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | EPSS 0.00214
Exploits: 0 | References: 1
CVE
added 2025/04/13 11:56 a.m. | 74 views

CVE-2025-3423

IBM Aspera Faspex 5.x (versions 5.0.0–5.0.11) is affected by a DOM-based cross-site scripting vulnerability that lets an authenticated user embed arbitrary JavaScript in the Web UI, potentially leading to credential disclosure within a trusted session. The issue stems from inadequate input handli...

CVSS 5.4 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/04/13 11:56 a.m. | 10 views

CVE-2025-3423 IBM Aspera Faspex 5 cross-site scripting

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.3 | EPSS 0.00214
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/12 2:3 p.m. | 23 views

CVE-2023-42007

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 6.3 | EPSS 0.00163
Exploits: 0 | References: 3
IBM Security Bulletins
added 2025/04/11 6:13 p.m. | 19 views

Security Bulletin: IBM Aspera Faspex 5 is vulnerable to cross-site scripting (CVE-2025-3423)

Summary IBM Aspera Faspex 5 is vulnerable to DOM-based cross-site scripting. Attackers could use this vulnerability to trick users into opening malicious URLs, allowing client-side scripts to process and execute at the user's browser. Vulnerability Details CVEID:CVE-2025-3423 DESCRIPTION: IBM...

CVSS 5.4 | AI score 6.2 | EPSS 0.00214
Exploits: 0 | Affected Software: 6
IBM Security Bulletins
added 2025/04/10 5:22 p.m. | 16 views

Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

Summary IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel...

CVSS 6.2 | AI score 7 | EPSS 0.00883
Exploits: 0 | Affected Software: 1
RedhatCVE
added 2025/04/10 3:34 p.m. | 11 views

CVE-2025-22855

An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code...

CVSS 4.8 | AI score 6.9 | EPSS 0.00115
Exploits: 0 | References: 1
Cvelist
added 2025/04/10 1:24 p.m. | 12 views

CVE-2023-42007 IBM Sterling Control Center cross-site scripting

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | EPSS 0.00163
Exploits: 0 | References: 1
Vulnrichment
added 2025/04/10 1:24 p.m. | 9 views

CVE-2023-42007 IBM Sterling Control Center cross-site scripting

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 6.3 | EPSS 0.00163
Exploits: 0 | References: 1
CVE
added 2025/04/10 1:24 p.m. | 46 views

CVE-2023-42007

Summary: IBM Sterling Control Center (versions 6.2.1, 6.3.1, 6.4.0) is vulnerable to cross-site scripting due to improper input validation/reflection in the Web UI, potentially enabling an attacker to embed arbitrary JavaScript and disclose credentials within a trusted session. Impact (as stated)...

CVSS 5.4 | AI score 5.2 | EPSS 0.00163
Exploits: 0 | References: 1 | Affected Software: 1
Packet Storm
added 2025/04/10 12:0 a.m. | 253 views

CodeAstro Online Railway Reservation System 1.0 Cross Site Scripting

CodeAstro Online Railway Reservation System version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: XSS Vulnerability in Online Railway Reservation System 1.0 Date: 2024-08-15 Exploit Author: Raj Nandi Vendor Homepage: https://codeastro.com/ Software Link:...

CVSS 5.1 | AI score 4 | EPSS 0.00622
Exploits: 3
OSV
added 2025/04/09 3:56 p.m. | 8 views

CVE-2025-32379 XSS at ctx.redirect() function in Koajs

Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...

CVSS 5 | AI score 6.3 | EPSS 0.00311
Exploits: 0 | References: 4
Vulnrichment
added 2025/04/09 3:56 p.m. | 5 views

CVE-2025-32379 XSS at ctx.redirect() function in Koajs

Koa is expressive middleware for Node.js using ES2017 async functions. In koa < 2.16.1 and < 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...

CVSS 5 | AI score 7 | EPSS 0.00311
Exploits: 0 | References: 2
CVE
added 2025/04/09 3:56 p.m. | 70 views

CVE-2025-32379

CVE-2025-32379 (Koa, Node.js): In koa < 2.16.1 and

CVSS 6.1 | AI score 5.2 | EPSS 0.00311
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2025/04/09 2:15 p.m. | 12 views

CVE-2023-33844

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | EPSS 0.00196
Exploits: 0 | References: 1
Vulnrichment
added 2025/04/09 2:3 p.m. | 15 views

CVE-2023-33844 IBM Security Verify Governance cross-site scripting

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.3 | EPSS 0.00196
Exploits: 0 | References: 1