5079 matches found
PT-2025-28017 · Mediawiki · Securepoll Extension +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - SecurePoll extension versions 1.39.0 through 1.39.12; Mediawiki - SecurePoll extension versions 1.42.0 through 1.42.6; Mediawiki - SecurePoll extension versions 1.43.0 through 1.43.1. Description: The issue arises from improper...
Wikimedia Mediawiki - SecurePoll extension security vulnerability
Wikimedia Mediawiki - SecurePoll extension is a special page extension for elections, polls and surveys from the Wikimedia Foundation. A security vulnerability exists in the Mediawiki - SecurePoll extension versions prior to 1.39.13, prior to 1.42.7, and prior to 1.43.2, which stems from improperly...
CVE-2025-6563
A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the javascript protocol in the dst parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to log in can also...
CVE-2025-27447
The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’s browser when an authenticated administrator clicks the link...
CVE-2025-27448
The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when the website is loaded...
CVE-2025-27447
CVE-2025-27447 involves a cross-site scripting vulnerability in Endress+Hauser MEAC300-FNADE4. The weakness arises from insufficient filtering/escaping of user-supplied data, enabling an attacker to craft a URL that injects JavaScript executed in an authenticated administrator’s browser when the ...
PT-2025-27776
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’...
PT-2025-27777 · Endress+Hauser · Endress+Hauser Meac300-Fnade4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when t...
CVE-2025-2141
CVE-2025-2141 affects IBM System Storage Virtualization Engine TS7700 (models 3957-VED, 3948-VED, 3948-VEF) with firmware 8.54.2.17/8.60.0.115. The issue is a cross-site scripting vulnerability in the management Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially l...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the ScriptEvaluator process. An attacker can execute arbitrary operating system commands by injecting malicious JavaScript code. Remediation: Upgrade org.conductoross:java-sdk to version 3.21.13 or higher...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2024-52900
CVE-2024-52900 affects IBM Cognos Analytics 11.2.0–11.2.4 IF5 and 12.0.0–12.0.4, with a stored cross-site scripting vulnerability in the Web UI allowing authenticated users to embed arbitrary JavaScript and potentially disclose credentials. The issue arises in the web interface’s handling of inpu...
IBM Cognos Analytics cross-site scripting vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A cross-site...