
4727 matches found

OSV
added 2025/09/01 3:15 p.m., 4 views

CVE-2025-0656

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

6.1 CVSS, 6.3 AI score
Exploits: 0, References: 1
Vulnrichment
added 2025/08/14 7:15 a.m., 2 views

CVE-2025-27388 Arbitrary URL Loading in WebView Leading to Token Leakage Risk

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

8.3 CVSS, 7.5 AI score, 0.00279 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/08/07 11:32 p.m., 3 views

CVE-2025-32430

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...

6.5 CVSS, 5.9 AI score, 0.00068 EPSS
Exploits: 1, References: 1
NVD
added 2025/08/06 12:15 a.m., 4 views

CVE-2025-32430

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...

6.5 CVSS, 0.00068 EPSS
Exploits: 1, References: 3
Cvelist
added 2025/08/05 11:27 p.m., 7 views

CVE-2025-32430 XWiki Platform contains Reflected XSS vulnerability in two templates

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...

6.5 CVSS, 0.00068 EPSS
Exploits: 1, References: 3
CVE
added 2025/08/05 11:27 p.m., 45 views

CVE-2025-32430

CVE-2025-32430 – XWiki Platform Reflected XSS. Affected: XWiki Platform versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5, and 17.0.0-rc-1 through 17.2.2. Issue: two templates contain reflected XSS allowing attacker-controlled URLs to execute JavaScript in the victim’s session...

6.5 CVSS, 6.4 AI score, 0.00068 EPSS
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2025/08/04 9:33 a.m., 7 views

CVE-2025-33118

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.4 CVSS, 6.3 AI score, 0.0011 EPSS
Exploits: 0, References: 1
NVD
added 2025/08/01 6:15 p.m., 3 views

CVE-2025-50869

A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code...

6.1 CVSS, 0.00192 EPSS
Exploits: 0, References: 2
Cvelist
added 2025/08/01 5:21 p.m., 9 views

CVE-2025-33118 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

6.4 CVSS, 0.0011 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/08/01 12:0 a.m., 6 views

CVE-2025-50869

A stored Cross-Site Scripting (XSS) vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code...

0.00192 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/08/01 12:0 a.m., 6 views

PT-2025-31653 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 12 Description: IBM QRadar SIEM is susceptible to stored cross-site scripting. Authenticated users can embed arbitrary JavaScript code within the Web UI, potentially altering functionalit...

6.4 CVSS, 5.2 AI score, 0.0011 EPSS
Exploits: 0, References: 5
CVE
added 2025/08/01 12:0 a.m., 12 views

CVE-2025-50869

CVE-2025-50869 is a stored XSS vulnerability in Institute-of-Current-Students 1.0, located in the qureydetails.php page. The input fields for Query and Answer are not properly sanitized, allowing authenticated users to inject arbitrary JavaScript code. Public documentation in connected sources co...

6.1 CVSS, 5.8 AI score, 0.00192 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/07/30 1:37 p.m., 3 views

CVE-2025-32731

A reflected cross-site scripting (XSS) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

6.1 CVSS, 6.1 AI score, 0.00318 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2025/07/30 12:0 a.m., 2 views

AlmaLinux 9 : thunderbird (ALSA-2025:12187)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:12187 advisory. firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox...

9.8 CVSS, 8.8 AI score, 0.00781 EPSS
Exploits: 0, References: 11
Cvelist
added 2025/07/29 12:12 p.m., 6 views

CVE-2025-40685 Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System

Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php...

4.8 CVSS, 0.00129 EPSS
Exploits: 0, References: 1
CVE
added 2025/07/29 12:12 p.m., 19 views

CVE-2025-40683

CVE-2025-40683 is a reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System version 1.0. The issue resides in the searccity parameter of the /city.php endpoint, where input is reflected without proper sanitization, allowing an attacker to execute JavaScript in the v...

6.1 CVSS, 5.8 AI score, 0.00129 EPSS
Exploits: 0, References: 1, Affected Software: 1
Positive Technologies
added 2025/07/29 12:0 a.m., 3 views

PT-2025-31193 · Unknown · Human Resource Management System

Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: Reflected Cross-Site Scripting (XSS) exists in Human Resource Management System version 1.0. This issue could allow an attacker to execute JavaScript code in the victim's browser by...

6.1 CVSS, 6.5 AI score, 0.00129 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2025/07/29 12:0 a.m., 2 views

PT-2025-31195 · Unknown · Human Resource Management System Version 1.0

Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: This issue allows an attacker to execute JavaScript code in a victim’s browser. This is achieved by sending a malicious URL through the employeeid parameter. The vulnerable location is...

6.1 CVSS, 7.6 AI score, 0.00129 EPSS
Exploits: 0, References: 5
Cvelist
added 2025/07/28 7:53 p.m., 6 views

CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata

copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...

5.4 CVSS, 0.00203 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2025/07/28 7:53 p.m., 1 view

CVE-2025-54423 copyparty has a DOM-Based XSS vulnerability when displaying multimedia metadata

copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5...

5.4 CVSS, 7.1 AI score, 0.00203 EPSS
Exploits: 1, References: 3