CBL Mariner 2.0 Security Update: rabbitmq-server (CVE-2025-30219)

The version of rabbitmq-server installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30219 advisory. - RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a...

CVE-2025-22855

An improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages containing javascript code...

GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs

A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...

CVE-2025-3189

Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...

CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP

Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...

firefox: thunderbird: Use-after-free triggered by XSLTProcessor

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free...

CVE-2024-56475

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-56475

CVE-2024-56475 affects IBM TXSeries for Multiplatforms (versions 9.1 and 11.1). The bulletin describes a cross-site scripting vulnerability in the Web UI, which an authenticated user can exploit to embed arbitrary JavaScript, potentially altering functionality and leading to credentials disclosur...

CVE-2024-56341

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-56341 IBM Content Navigator cross-site scripting

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

PT-2025-14508 · Ibm · Ibm Content Navigator

Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.11 through 3.1.0 Description: The issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure...

CVE-2025-2868

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

CVE-2025-2870

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...

CVE-2025-2869

Reflected Cross-Site Scripting XSS vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...

Security Bulletin: Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities.

Summary The vulnerabilities addressed include access control, sensitive information disclosure, cross site scripting and directory traversal. Vulnerability Details CVEID:CVE-2020-5002 DESCRIPTION: IBM Financial Transaction Manager could allow an authenticated user to perform unauthorized actions...

CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

CVE-2025-30219

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

CVE-2025-2597

Reflected Cross-Site Scripting XSS in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious Javascript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code into the ‘idsession...

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

CVE-2024-9900

mudler/localai version v2.21.1 contains a Cross-Site Scripting XSS vulnerability in its search functionality. The vulnerability arises due to improper sanitization of user input, allowing the injection and execution of arbitrary JavaScript code. This can lead to the execution of malicious scripts...