
4729 matches found

CVE · added 2025/07/16 9:23 a.m. · 12 views

CVE-2025-40724

Vulnerability: CVE-2025-40724 affects the Pharmacy POS PHP Script. A Stored Cross-Site Scripting (XSS) flaw exists in the /edit_medicine.php endpoint, exploitable via the u_medicine_name parameter to inject JavaScript into victims’ browsers. Impact: As described, an attacker can steal sensitive...

CVSS 5.1 · AI score 5.4 · EPSS 0.0027
Exploits: 0 · References: 1

Cvelist · added 2025/07/16 9:23 a.m. · 5 views

CVE-2025-40724 Stored Cross-Site Scripting (XSS) in Pharmacy POS PHP Script

Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the u_medicine_name parameter in /edit_medicine.php. This vulnerability can be exploited to...

CVSS 5.1 · EPSS 0.0027
Exploits: 0 · References: 1

Vulnrichment · added 2025/07/16 9:23 a.m. · 2 views

CVE-2025-40724 Stored Cross-Site Scripting (XSS) in Pharmacy POS PHP Script

Stored Cross-Site Scripting (XSS) vulnerability in Pharmacy POS PHP Script. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the u_medicine_name parameter in /edit_medicine.php. This vulnerability can be exploited to...

CVSS 5.1 · AI score 5.4 · EPSS 0.0027
Exploits: 0 · References: 1

Vulnrichment · added 2025/07/15 2:29 p.m. · 3 views

CVE-2025-33097 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.4 · AI score 5.8 · EPSS 0.0011
Exploits: 0 · References: 1

Cvelist · added 2025/07/15 2:29 p.m. · 4 views

CVE-2025-33097 IBM QRadar SIEM cross-site scripting

IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.4 · EPSS 0.0011
Exploits: 0 · References: 1

RedhatCVE · added 2025/07/10 3:27 p.m. · 6 views

CVE-2025-2793

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

CVSS 5.4 · AI score 6.5 · EPSS 0.0011
Exploits: 0 · References: 1

Cvelist · added 2025/07/09 12:0 a.m. · 7 views

CVE-2025-52357

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's web interface. The vulnerability is triggered via user-supplied...

EPSS 0.00155
Exploits: 2 · References: 2

CVE · added 2025/07/09 12:0 a.m. · 19 views

CVE-2025-52357

FiberHome FD602GW-DX-R410 router (firmware V2.2.14) contains a reflected XSS in the ping diagnostic feature. Authenticated users can inject input in the ping form field, which is not properly sanitized, allowing arbitrary JavaScript execution in the router’s admin/web interface. Impacts include s...

CVSS 4.1 · AI score 6.1 · EPSS 0.00155
Exploits: 2 · References: 2

CVE · added 2025/07/08 6:25 p.m. · 20 views

CVE-2023-43039

IBM OpenPages with Watson 9.0 is reported vulnerable to cross‑site scripting in the Web UI, enabling embedding of arbitrary JavaScript and potentially exposing credentials within a trusted session. CVSSv3.1 base score 6.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). Red Hat and PT Security entries reit...

CVSS 6.1 · AI score 6 · EPSS 0.00143
Exploits: 0 · References: 1 · Affected Software: 1

NVD · added 2025/07/08 3:15 p.m. · 3 views

CVE-2025-3630

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI...

CVSS 6.4 · EPSS 0.0011
Exploits: 0 · References: 1

Cvelist · added 2025/07/08 2:59 p.m. · 4 views

CVE-2025-2793 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

CVSS 5.4 · EPSS 0.0011
Exploits: 0 · References: 1

NVD · added 2025/07/08 12:15 p.m. · 7 views

CVE-2025-40720

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...

CVSS 6.1 · EPSS 0.00167
Exploits: 0 · References: 1

NVD · added 2025/07/08 12:15 p.m. · 4 views

CVE-2025-40721

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...

CVSS 5.4 · EPSS 0.00129
Exploits: 0 · References: 1

Positive Technologies · added 2025/07/07 12:0 a.m. · 3 views

PT-2025-28470 · Ibm · Ibm Sterling File Gateway +1

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 6.0.0.0 through 6.1.2.6 IBM Sterling B2B Integrator versions 6.2.0.0 through 6.2.0.4 IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6 IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.4...

CVSS 5.5 · AI score 5.8 · EPSS 0.0011
Exploits: 0 · References: 5

CVE · added 2025/07/03 11:24 a.m. · 15 views

CVE-2025-27448

CVE-2025-27448 affects Endress+Hauser MEAC300-FNADE4 web interface. The vulnerability is a cross-site scripting (XSS) flaw caused by improper validation of user input in the dashboard name. An attacker who can create dashboards can inject JavaScript into the dashboard name, which executes when th...

CVSS 6.8 · AI score 6.6 · EPSS 0.00208
Exploits: 0 · References: 6 · Affected Software: 1

RedhatCVE · added 2025/07/03 1:19 a.m. · 7 views

CVE-2025-36056

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS 5.4 · AI score 6.5 · EPSS 0.0011
Exploits: 0 · References: 1

RedhatCVE · added 2025/07/02 9:20 a.m. · 4 views

CVE-2025-40734

Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...

CVSS 6.1 · AI score 6.4 · EPSS 0.00167
Exploits: 0 · References: 1

NVD · added 2025/07/01 1:15 a.m. · 2 views

CVE-2025-36056

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS 5.4 · EPSS 0.0011
Exploits: 0 · References: 1

NVD · added 2025/07/01 1:15 a.m. · 3 views

CVE-2025-2141

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS 6.1 · EPSS 0.00143
Exploits: 0 · References: 1

Cvelist · added 2025/07/01 1:1 a.m. · 6 views

CVE-2025-2141 IBM System Storage Virtualization Engine TS7700 cross-site scripting

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS 6.1 · EPSS 0.00143
Exploits: 0 · References: 1