5077 matches found
DNN 跨站脚本漏洞
DNN also known as DotNetNuke is a set of American DNN company by Microsoft support, based on the ASP.NET platform of open source content management system CMS. The system is easy to install, scalable, feature-rich and so on. A cross-site scripting vulnerability exists in versions prior to DNN...
PT-2025-39200
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Versions prior to 10.1.0 have a javascript injection issue related to specially crafted URLs to the...
CVE-2025-57205
iNiLabs School Express SMS Express 6.2 is affected by a Stored Cross-Site Scripting XSS vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/id endpoint and similarly in Notice a...
PT-2025-38758
Name of the Vulnerable Software and Affected Versions ARD affected versions not specified Description A Cross-Site Scripting XSS issue exists in the Ajax transaction manager endpoint of ARD. An attacker can intercept the Ajax response and inject malicious JavaScript into the accountName field. Th...
PT-2025-39078
Name of the Vulnerable Software and Affected Versions iNiLabs School Express SMS Express version 6.2 Description iNiLabs School Express SMS Express 6.2 is susceptible to a Stored Cross-Site Scripting XSS issue within its content-management features, accessible to authenticated administrator users...
PT-2025-39190
Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Prior to version 10.1.0, the Biography field allowed injection of javascript code, even when not configured...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation because the application fails to sanitize the referer or FORWARDURL parameters, allowing attackers to inject JavaScript using %00...
CVE-2025-9992
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2025-52344
Multiple Cross Site Scripting XSS vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...
CVE-2025-57145
CVE-2025-57145 concerns an XSS in the ATSMS web application, specifically the search-autootaxi.php endpoint. The issue arises from improper sanitization of form input, allowing a attacker-supplied JavaScript payload to be stored in the backend and executed when an affected report page is viewed. ...
CVE-2025-52344
Multiple Cross Site Scripting XSS vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...
CVE-2025-57117
An analysis of CVE-2025-57117, with multiple connected sources, confirms a Clickjacking vulnerability in Rems’ Employee Management System v1.0. The issue resides in the department.php page where an attacker can inject a malicious payload via the Department Name field under Add Department to execu...
CVE-2025-43787
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.2...
CVE-2025-43787
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.2...
Reflected Cross-Site Scripting (Reflected XSS)
com.liferay.portal, release.portal.bom is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper validation of the snippet parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a victim’s browser...
CVE-2025-43778
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 allows an...
CVE-2025-58746
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...
Decap CMS Cross Site Scripting (XSS) vulnerability
Decap CMS through 3.8.3 is vulnerable to stored Cross-Site Scripting XSS in the admin preview pane. User-controlled fields e.g., title, description, tags, and body are rendered in the preview without sufficient sanitization/escaping. An attacker with low-privilege author/contributor access can...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper handling of the comliferayjournalwebportletJournalPortletbackURL parameter, which allows injection of malicious JavaScript code...
Linux Distros Unpatched Vulnerability : CVE-2019-18210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user...