5082 matches found
CVE-2025-44024
The CVE-2025-44024 entry concerns the Pichome system (v2.1.0 and earlier) with an XSS flaw in the login form caused by insufficient input sanitization. The vulnerable component is the login process where attacker-controlled inputs in the username or password fields can inject malicious JavaScript...
CVE-2025-30315
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...
CVE-2025-30316
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields, allowing a low‑privileged attacker to inject malicious JavaScript and have it executed when a user visits the affected page. Root cause is a stored XSS in input/for...
CVE-2025-30314 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...
CVE-2025-30314 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...
Cross-site Scripting (XSS)
com.liferay:com.liferay.marketplace.app.manager.web is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input sanitization due to failure to properly escape user-supplied input in the Marketplace App Manager Web module, allowing injection of JavaScript by unauthenticat...
CVE-2025-28074
phpList before 3.6.15 is vulnerable to Cross-Site Scripting XSS due to improper input sanitization in lt.php. The vulnerability is exploitable when the application dynamically references internal paths and processes untrusted input without escaping, allowing an attacker to inject malicious...
Cross-site Scripting (XSS)
Overview phpList/phplist3 is a popular open source newsletter manager. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...
CVE-2025-28073
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting XSS via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...
CVE-2025-28073
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting XSS via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...
CVE-2025-4388
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-40846 HaloITSM open redirect via the returnUrl
Improper Input Validation, the returnUrl parameter in Account Security Settings lacks proper input validation, allowing attackers to redirect users to malicious websites Open Redirect and inject JavaScript code to perform cross site scripting attack. The vulnerability affects Halo versions up to...
PT-2025-20365 · Halo · Halo
Name of the Vulnerable Software and Affected Versions: Halo versions up to 2.174.101 Halo versions 2.175.1 through 2.184.21 Description: The issue is related to improper input validation, specifically with the returnUrl parameter in Account Security Settings. This lack of validation allows...
CVE-2025-28074
phpList is vulnerable to Cross-Site Scripting (XSS) in lt.php across versions prior to 3.6.15 due to improper input sanitization and dynamic referencing of internal paths. The issue allows an attacker to inject malicious JavaScript when untrusted input is processed without proper escaping, with p...
CVE-2025-28073
phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting XSS via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...
CVE-2025-46719
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, a vulnerability in the way certain html tags in chat messages are rendered allows attackers to inject JavaScript code into a chat transcript. The JavaScript code will be...
Exploit for Cross-site Scripting in Phplist
CVE-2025-28074 Suggested description phpList prior to 3.6.3...
Liferay Portal Reflected XSS in marketplace-app-manager-web
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...
GHSA-P2F8-VQ4R-GQG3 Liferay Portal Reflected XSS in marketplace-app-manager-web
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...
CVE-2025-4388
A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated...