CVE-2025-24833

CVE-2025-24833 is a stored XSS vulnerability in desknet’s NEO, affecting version range V4.0R1.0–V9.0R2.0. The issue allows execution of arbitrary JavaScript in a user’s browser via a stored payload. The connected Red Hat (RH:CVE-2025-24833) and other feeds confirm the same description. No exploit...

NEOJAPAN desknets Web Server 跨站脚本漏洞

NEOJAPAN desknets Web Server is a back-end service for a large network group collaboration software from NEOJAPAN Japan. A cross-site scripting vulnerability exists in NEOJAPAN desknets Web Server, which stems from susceptibility to reflective cross-site scripting attacks that could lead to the...

NEOJAPAN desknets NEO 跨站脚本漏洞

NEOJAPAN desknets NEO is a large network group collaboration software from NEOJAPAN Japan. A cross-site scripting vulnerability exists in NEOJAPAN desknets NEO versions V2.0R1.0 through V9.0R2.0 that originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScri...

Desknets Neo 跨站脚本漏洞

Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

EUVD-2025-34656

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

CVE-2025-59269 is a stored cross-site scripting (XSS) vulnerability in BIG-IP Configuration utility. It affects BIG-IP (all modules) and stems from insufficient input handling on an undisclosed page, allowing an attacker to store and execute JavaScript in the context of the currently logged-in us...

CVE-2025-10869

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of stored cross-site scripting o...

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of reflective cross-site scripting on an...

EUVD-2025-34249

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...

Remote Code Execution

Flowise is vulnerable toRemote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function executing the mcpServerConfig input as JavaScript, An attackers can use this to execute arbitrary Node.js code to run commands or...

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23549)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23546)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...