
4729 matches found

Cvelist
added 2025/07/01 1:00 a.m. · 6 views

CVE-2025-36056 IBM System Storage Virtualization Engine TS7700 cross-site scripting

IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI...

CVSS 5.4 · EPSS 0.0011
Exploits 0 · References 1

CVE
added 2025/07/01 1:00 a.m. · 21 views

CVE-2025-36056

IBM TS7700 family (3957-VED, 3948-VED, 3948-VEF) is affected by CVE-2025-36056, a cross-site scripting flaw in the Web UI that authenticated users can abuse to embed arbitrary JavaScript, potentially disclosing credentials within a trusted session. Affected microcode versions include 3957-VED R5....

CVSS 5.4 · AI score 6 · EPSS 0.0011
Exploits 0 · References 1 · Affected Software 1

Tenable Nessus
added 2025/07/01 12:00 a.m. · 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : yelp-xsl (SUSE-SU-2025:02168-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02168-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files...

CVSS 7.4 · AI score 8 · EPSS 0.01309
Exploits 1 · References 4

CVE
added 2025/06/30 8:31 a.m. · 12 views

CVE-2025-40734

Daily Expense Manager (version 1.0) is affected by a Reflected XSS flaw in /register.php, exploitable via POST parameters password and confirm_password. The root cause is insufficient input filtering/escaping of user-supplied data, enabling execution of injected JavaScript. Documented impact is a...

CVSS 6.1 · AI score 5.7 · EPSS 0.00167
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/06/30 12:00 a.m. · 3 views

PT-2025-27494 · IBM · IBM System Storage Virtualization Engine TS7700

Name of the Vulnerable Software and Affected Versions: IBM System Storage Virtualization Engine TS7700 versions 3957 VED R5.4 8.54.2.17 through R6.0 8.60.0.115 IBM System Storage Virtualization Engine TS7700 versions 3948 VED R5.4 8.54.2.17 through R6.0 8.60.0.115 IBM System Storage Virtualizatio...

CVSS 6.4 · AI score 5.8 · EPSS 0.00143
Exploits 0 · References 5

Positive Technologies
added 2025/06/30 12:00 a.m. · 5 views

PT-2025-27425 · Unknown · Daily Expense Manager

Name of the Vulnerable Software and Affected Versions: Daily Expense Manager version 1.0 Description: A Reflected Cross-Site Scripting XSS issue exists, allowing an attacker to execute JavaScript code. This is achieved by sending a POST request through the username parameter in the "/login.php" A...

CVSS 6.1 · AI score 6.2 · EPSS 0.00167
Exploits 0 · References 6

Positive Technologies
added 2025/06/28 12:00 a.m. · 2 views

PT-2025-27281 · IBM · IBM Cognos Analytics

Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 12.2.4 Fix Pack 5 IBM Cognos Analytics versions 12.0.0 through 12.0.4 Description: This issue allows authenticated users to embed arbitrary JavaScript code in the Web UI, potentially leading to...

CVSS 6.4 · AI score 6.2 · EPSS 0.0011
Exploits 0 · References 8

NVD
added 2025/06/26 3:15 p.m. · 3 views

CVE-2025-52902

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting XSS. Any JavaScript code that is part of a...

CVSS 7.6 · EPSS 0.00105
Exploits 1 · References 2

RedhatCVE
added 2025/06/24 6:26 p.m. · 4 views

CVE-2024-56916

A cross-site scripting flaw was found in Netbox. An attacker with an authenticated account on the system can add malicious JavaScript code to a banner field and potentially execute this code in the context of another user's session. Mitigation: Mitigation for this issue is either not available or...

CVSS 6.1 · AI score 6.4 · EPSS 0.00223
Exploits 1 · References 2

CVE
added 2025/06/19 2:20 a.m. · 16 views

CVE-2025-50183

OpenList Frontend (OpenList Frontend) prior to 4.0.0-rc.4 contains a stored Cross‑Site Scripting (XSS) in the file preview/browsing feature. Files with a .py extension that contain JavaScript wrapped in [removed] tags may be interpreted as HTML in certain modes, allowing script execution in the b...

CVSS 6.5 · AI score 6.2 · EPSS 0.00198
Exploits 0 · References 2

Vulnrichment
added 2025/06/19 2:20 a.m. · 4 views

CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. Th...

CVSS 6.5 · AI score 6.2 · EPSS 0.00198
Exploits 0 · References 2

Vulnrichment
added 2025/06/18 4:20 p.m. · 2 views

CVE-2025-1349 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

CVSS 5.5 · AI score 5.2 · EPSS 0.00131
Exploits 0 · References 1

NVD
added 2025/06/18 4:15 p.m. · 3 views

CVE-2024-54183

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...

CVSS 5.4 · EPSS 0.0011
Exploits 0 · References 1

CVE
added 2025/06/18 3:08 p.m. · 22 views

CVE-2024-54183

IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable to cross-site scripting (CVE-2024-54183) in the web UI for versions 6.0.0.0–6.1.2.6 and 6.2.0.0–6.2.0.4 when accessed by an authenticated user, potentially allowing arbitrary JavaScript and credential disclosure within a tru...

CVSS 5.4 · AI score 5.3 · EPSS 0.0011
Exploits 0 · References 1 · Affected Software 2

Positive Technologies
added 2025/06/18 12:00 a.m. · 2 views

PT-2025-26168 · IBM · IBM Sterling File Gateway +1

Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.0.0.0 through 6.1.2.6 IBM Sterling B2B Integrator and IBM Sterling File Gateway versions 6.2.0.0 through 6.2.0.4 Description: The issue allows an authenticated user to embed...

CVSS 5.4 · AI score 6.3 · EPSS 0.0011
Exploits 0 · References 5

Tenable Nessus
added 2025/06/16 12:00 a.m. · 8 views

TencentOS Server 3: nodejs:18 (TSSA-2023:0256)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0256 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5 · AI score 7.3 · EPSS 0.94395
Exploits 19 · References 5

Tenable Nessus
added 2025/06/16 12:00 a.m. · 6 views

TencentOS Server 4: alertmanager (TSSA-2024:0822)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0822 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.5 · AI score 7.6 · EPSS 0.03576
Exploits 0 · References 2

Tenable Nessus
added 2025/06/16 12:00 a.m. · 3 views

TencentOS Server 3: gnome-shell (TSSA-2024:0394)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0394 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 6.5 · AI score 6.6 · EPSS 0.00184
Exploits 0 · References 2

RedhatCVE
added 2025/06/14 2:24 p.m. · 6 views

CVE-2025-49185

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...

CVSS 5.5 · AI score 5.5 · EPSS 0.00202
Exploits 0 · References 1

NVD
added 2025/06/12 8:15 p.m. · 7 views

CVE-2025-4417

A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit...

CVSS 6.9 · EPSS 0.00068
Exploits 0 · References 2