CVE-2025-45805

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...

CVE-2025-45805

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...

CVE-2025-45805

CVE-2025-45805 affects phpgurukul Doctor Appointment Management System 1.0. An authenticated doctor can inject JavaScript into the doctor profile name, which is rendered unsafely when patients book an appointment, enabling stored XSS in the victim’s browser. The exploit is demonstrated in the lin...

PT-2025-35815

Name of the Vulnerable Software and Affected Versions: phpgurukul Doctor Appointment Management System version 1.0 Description: An authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is rendered without proper sanitization when a user visits the...

CVE-2025-45805

In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...

CVE-2025-33082

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

PT-2025-35491

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...

Linux Distros Unpatched Vulnerability : CVE-2025-27406

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present...

Linux Distros Unpatched Vulnerability : CVE-2024-8648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could...

Exploit for CVE-2025-55580

CVE-2025-55580 - SolidInvoice Stored Cross-Site Scripting XSS...

CVE-2025-54543 Stored XSS in QuickCMS

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

Linux Distros Unpatched Vulnerability : CVE-2024-32887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response...

Linux Distros Unpatched Vulnerability : CVE-2025-31501

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink. CVE-2025-31501 Note that Nessus relies on the presen...

Linux Distros Unpatched Vulnerability : CVE-2018-11563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 6.0.x through 6.0.7. A carefully constructed email could be used to inject and execute arbitrary...

CVE-2025-43760

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92 allows ...

CVE-2025-43753

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update ...

CVE-2025-43755

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 t through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92...

CVE-2025-43756

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19 allows a remote authenticated user to inject JavaScript code via snippet parameter...

GHSA-H8GX-4HHM-W45V Liferay Portal stored cross-site scripting in text field of the web content structure

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject...

Liferay Portal stored cross-site scripting in text field of the web content structure

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject...