5082 matches found
CVE-2025-4388
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows a remote non-authenticated...
CVE-2025-4388
Liferay Portal/DXP CVE-2025-4388 is a reflected XSS affecting Portal 7.4.0–7.4.3.131 and DXP 2024.Q1.1–Q4.5 across multiple 2024 releases up to 7.4 GA with update 92. The vulnerability allows a remote, unauthenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app...
Cross-Site Scripting (XSS)
org.opencms, opencms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the Create/Modify article function, allowing JavaScript injection via the image title sub-field...
CVE-2025-46734
league/commonmark is a PHP Markdown parser. A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library versions 1.5.0 through 2.6.x allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configurati...
CVE-2025-46719
Open WebUI vulnerability CVE-2025-46719 affects versions prior to 0.6.6. A flaw in rendering certain HTML tags in chat messages allows stored cross-site scripting (XSS) in chat transcripts, which are accessible by other users on the same server or via Open WebUI community sharing. In the user’s b...
PT-2025-19787 · Unknown · Open-Webui
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.6.6. Description: Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. A vulnerability in the way certain HTML tags in chat messages are rendered allows attackers to...
PT-2025-19795 · Unknown +1 · League/Commonmark +1
Name of the Vulnerable Software and Affected Versions: league/commonmark versions 1.5.0 through 2.6.x. Description: A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library allows remote attackers to insert malicious JavaScript calls into HTML. The...
CVE-2025-45015
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters...
CVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...
CVE-2025-45015
PHPGurukul Park Ticketing Management System v2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the foreigner-bwdates-reports-details.php file. The issue allows remote attackers to inject arbitrary JavaScript code through the fromdate and todate parameters, potentially compromising ...
PT-2025-30685 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: Adobe Experience Manager versions 6.5.22 and earlier are susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker can exploit this to inject malicious...
PT-2025-18274 · Unknown · Phpgurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0. Description: A Cross-Site Scripting (XSS) issue was discovered in the foreigner-bwdates-reports-details.php file. This issue allows remote attackers to inject arbitrary JavaScript code via...
CVE-2025-46346
YesWiki (PHP) prior to version 4.5.4 is affected by a stored XSS vulnerability in the comments feature. The issue arises because user input is not fully sanitized/encoded, allowing obfuscated payloads such as /* JavaScriptPayload */ to bypass filters and execute in the browser of users viewing af...
CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Javascript Injection. (CVE-2021-29669)
Summary: IBM Engineering Lifecycle Management - IBM Jazz is vulnerable to Javascript Injection. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details: CVEID: CVE-2021-29669. DESCRIPTION: IBM Jazz Foundation is vulnerable to...