5068 matches found
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
CVE-2025-52358
CVE-2025-52358 affects Vivaldi United Group iCONTROL+ Server (firmware 4.7.8.0.eden Logic 5.32 and earlier). The vulnerability is a cross-site scripting issue where attackers can inject JavaScript payloads into error or edit-menu-item parameters, which are executed in the victim’s browser session...
Exploit for Cross-site Scripting in Atmail
AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...
CVE-2025-51411
A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to injec...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-51411
CVE-2025-51411 affects Institute-of-Current-Students v1.0, with a reflected XSS vulnerability in the /postquerypublic endpoint via the email parameter. The root cause is insufficient sanitization of user input, allowing an attacker-controlled string to be reflected in HTML and execute arbitrary J...
CVE-2025-47061
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46996
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46996 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...
Exploit for Cross-site Scripting in Campcodes Online_Movie_Theater_Seat_Reservation_System
XSS Exploit for CVE-2025-7840 Author: Byte Reaper @ByteR...
CVE-2025-52687
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading to session hijacking and denial-of-service (DoS)...
Cross-site Scripting (XSS)
org.opennms:opennms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to stored XSS caused by unsanitized parameters on multiple nodes, allowing attackers to inject malicious HTML or JavaScript into database entries that are rendered on user-facing pages...
CVE-2025-52687
The CVE-2025-52687 issue applies to Alcatel-Lucent OmniAccess Stellar products (Web Management Interface). Affected component: web management payload handling. Root cause described in sources as ability for an attacker with administrator credentials on the access point to inject malicious JavaScr...
CVE-2025-52687 JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading to session hijacking and denial-of-service (DoS)...
Alcatel-Lucent OmniAccess Stellar Products Security Vulnerability
Alcatel-Lucent OmniAccess Stellar Products is a line of WiFi access points from Alcatel-Lucent, France. A security vulnerability exists in Alcatel-Lucent OmniAccess Stellar Products that stems from the possible injection of malicious JavaScript, leading to session hijacking and denial of service...
PT-2025-29695 · Unknown · Access Point
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: Successful exploitation of the issue could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading ...