PT-2025-18170 · Ibm · Ibm Operational Decision Manager

Name of the Vulnerable Software and Affected Versions: IBM Operational Decision Manager versions 8.11.0.1 through 9.0.0.1 Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

Cross-site Scripting (XSS)

Laravel Starter is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization that allowing users to inject malicious JavaScript code into the tag name field...

CVE-2025-26159

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper handling of radio button type custom fields, allowing remote authenticated attackers to inject malicious JavaScript into a page...

CVE-2025-2703

A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the...

GHSA-FPX3-H2PC-88VF Laravel Starter Cross Site Scripting (XSS)

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...

CVE-2025-26159

Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, TL-WR841N, allows a hacker to inject any JavaScript code.

The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, the TL-WR841N, is related to a deficiency in the upnpTbl filter parameter when accessing the UPnP.html web page. Exploiting this vulnerability allows an attacker to inject arbitrary JavaScript code by...

SAP NetWeaver Application Server ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server ABAP is an application server from SAP in Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP, which arises from insufficiently encoded input, allowing an attacker to inject malicious JavaScript.No details of the...

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

Liferay Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

GHSA-QHP6-VP7C-G7XP Liferay Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

CVE-2025-3760 is a stored XSS vulnerability in Liferay Portal (radio button type custom fields) affecting Portal 7.2.0–7.4.3.129 and Liferay DXP 2024.Q1–Q4, 2023 Q3–Q4, and related GA/update branches. The underlying issue is injection of malicious JavaScript into a page by remote authenticated at...