4739 matches found
CVE-2025-2745 AVEVA PI Web API Cross-site Scripting
A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...
CVE-2025-4417
CVE-2025-4417 – AVEVA PI Connector for CygNet Affected product: AVEVA PI Connector for CygNet, version 1.6.14 and prior. Vulnerability: Cross-site scripting (XSS) that, if exploited, could let an administrator with local access to the connector admin portal persist arbitrary JavaScript code to be...
CVE-2025-4417 AVEVA PI Connector for CygNet Cross-site Scripting
A cross-site scripting vulnerability exists in AVEVA PI Connector for CygNet Versions 1.6.14 and prior that, if exploited, could allow an administrator miscreant with local access to the connector admin portal to persist arbitrary JavaScript code that will be executed by other users who visit...
CVE-2025-32466
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text...
CVE-2025-32466 Extension - rsjoomla.com - SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla
A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text...
CVE-2025-0917
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-0917 IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
CVE-2025-0917 IBM Cognos Analytics cross-site scripting
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2025-49137
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in...
CVE-2025-40675 Reflected Cross-Site Scripting (XSS) in Bagisto
A Reflected Cross-Site Scripting XSS vulnerability has been found in Bagisto v2.0.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the parameter 'query' in '/search'. This vulnerability can be exploited to stea...
PT-2025-24501 · Unknown · Cloudclassroom-Php Project
Name of the Vulnerable Software and Affected Versions: CloudClassroom PHP Project affected versions not specified Description: A Cross-Site Scripting XSS issue exists in the CloudClassroom PHP Project, specifically in the askquery.php file, via the eid parameter. This allows remote attackers to...
CVE-2025-25044
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-2896
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-20297
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...
CVE-2024-40114
A Cross Site Scripting XSS vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code...
CVE-2025-2896
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-25044
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-2896 IBM Planning Analytics Local cross-site scripting
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-1484
A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied ...