5077 matches found

Exploit DB
added 2025/07/22 12:0 a.m., 240 views

LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname

Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...

CVSS 5.4, AI score 7.4, EPSS 0.00797
Exploits: 4
GithubExploit
added 2025/07/20 3:21 p.m., 203 views

Exploit for Cross-site Scripting in Campcodes Online_Movie_Theater_Seat_Reservation_System

XSS Exploit for CVE-2025-7840 Author: Byte Reaper @ByteR...

CVSS 6.1, AI score 5, EPSS 0.00342
Exploits: 2
RedhatCVE
added 2025/07/18 7:3 a.m., 6 views

CVE-2025-52687

Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)...

CVSS 2.4, AI score 6.5, EPSS 0.00229
Exploits: 0, References: 1
Veracode
added 2025/07/17 10:52 a.m., 6 views

Cross-site Scripting (XSS)

org.opennms:opennms is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to stored XSS caused by unsanitized parameters on multiple nodes, allowing attackers to inject malicious HTML or JavaScript into database entries that are rendered on user-facing pages...

CVSS 6.9, AI score 5, EPSS 0.00208
Exploits: 0, References: 3, Affected Software: 1
NVD
added 2025/07/16 7:15 a.m., 4 views

CVE-2025-52687

Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)...

CVSS 2.4, EPSS 0.00229
Exploits: 0, References: 2
Cvelist
added 2025/07/16 6:15 a.m., 6 views

CVE-2025-52687 JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface

Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service (DoS)...

CVSS 2.4, EPSS 0.00229
Exploits: 0, References: 2
CVE
added 2025/07/16 6:15 a.m., 17 views

CVE-2025-52687

The CVE-2025-52687 issue applies to Alcatel-Lucent OmniAccess Stellar products (Web Management Interface). Affected component: web management payload handling. Root cause described in sources as ability for an attacker with administrator credentials on the access point to inject malicious JavaScr...

CVSS 2.4, AI score 6.5, EPSS 0.00229
Exploits: 0, References: 2
Positive Technologies
added 2025/07/16 12:0 a.m., 1 views

PT-2025-29695 · Unknown · Access Point

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: Successful exploitation of the issue could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading ...

CVSS 2.4, AI score 6.2, EPSS 0.00229
Exploits: 0, References: 6
CNNVD
added 2025/07/16 12:0 a.m., 1 views

Alcatel-Lucent OmniAccess Stellar Products Security Vulnerability

Alcatel-Lucent OmniAccess Stellar Products is a line of WiFi access points from Alcatel-Lucent, France. A security vulnerability exists in Alcatel-Lucent OmniAccess Stellar Products that stems from the possible injection of malicious JavaScript, leading to session hijacking and denial of service...

CVSS 2.4, AI score 7, EPSS 0.00229
Exploits: 0, References: 3
HackRead
added 2025/07/15 5:35 p.m., 5 views

Attackers Hide JavaScript in SVG Images to Lure Users to Malicious Sites

Beware! SVG images are now being used with obfuscated JavaScript for stealthy redirect attacks via spoofed emails. Get insights from Ontinue's latest research on detection and defence...

AI score 7.4
Exploits: 0
CVE
added 2025/07/15 12:0 a.m., 19 views

CVE-2025-52378

Summary: CVE-2025-52378 is a stored XSS vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and earlier. The flaw arises from insufficient sanitization of the DEVICE_ALIAS input used by the /web/um_device_set_aliasname endpoint, enabling an attacker to inject JavaScript that r...

CVSS 5.4, AI score 6, EPSS 0.05864
Exploits: 1, References: 2
Cvelist
added 2025/07/15 12:0 a.m., 9 views

CVE-2025-52378

Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS parameter to the...

EPSS 0.05864
Exploits: 1, References: 2
RedhatCVE
added 2025/07/10 9:23 p.m., 5 views

CVE-2025-49543

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 4.3, AI score 5.6, EPSS 0.00719
Exploits: 0, References: 1
RedhatCVE
added 2025/07/10 5:18 p.m., 3 views

CVE-2025-53479

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki -...

CVSS 5.4, AI score 5.9, EPSS 0.0017
Exploits: 0, References: 1
RedhatCVE
added 2025/07/09 3:14 p.m., 4 views

CVE-2025-53487

The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...

CVSS 5.4, AI score 5.8, EPSS 0.0017
Exploits: 0, References: 1
NVD
added 2025/07/08 10:15 p.m., 4 views

CVE-2025-49534

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4, EPSS 0.0023
Exploits: 0, References: 1
NVD
added 2025/07/08 9:15 p.m., 6 views

CVE-2025-49540

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVSS 4.3, EPSS 0.00725
Exploits: 0, References: 1
NVD
added 2025/07/08 7:15 p.m., 5 views

CVE-2023-43039

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1, EPSS 0.00183
Exploits: 0, References: 1
Cvelist
added 2025/07/08 6:25 p.m., 7 views

CVE-2023-43039 IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1, EPSS 0.00183
Exploits: 0, References: 1
Vulnrichment
added 2025/07/08 6:25 p.m., 3 views

CVE-2023-43039 IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1, AI score 6.5, EPSS 0.00183
Exploits: 0, References: 1