5082 matches found
CVE-2024-54179 IBM Business Automation Workflow cross-site scripting
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...
CVE-2024-55064
Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtpserver, (2) smtpaccount, (3) smtppassword, or (4) emailrecipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to...
EasyVirt DC NetScope Cross-Site Scripting Vulnerability
EasyVirt DC NetScope is an application from EasyVirt, Inc. that provides network insight into the different network layers in the VMware infrastructure. A cross-site scripting vulnerability exists in EasyVirt DC NetScope 8.6.4 and prior versions that stems from multiple cross-site scripting...
CVE-2024-5848
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...
Cross-Site Scripting (XSS)
leantime/leantime is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization and output encoding of the title field in a To-Do, which allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...
CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...
CVE-2024-5848
CVE-2024-5848 is a reflected XSS in multiple WSO2 products caused by improper input validation. Attackers can inject malicious JavaScript via unsanitized user data echoed in server responses, potentially enabling UI manipulation, redirection to malicious sites, or browser data exfiltration. Docum...
PT-2025-8703 · IBM · IBM Cloud Pak for Data
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Data versions 4.0.0 through 4.8.5; IBM Cloud Pak for Data version 5.0.0. Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and...
CVE-2025-25460
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...
FlatPress Security Vulnerability
FlatPress is a PHP-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version 1.3.1, which stems from an improperly cleaned and escaped TextArea field input in the Add Entry feature. An authenticated attacker can inject malicious...
PT-2025-28156
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to 1.9.24. Description: The issue allows an unauthenticated attacker to inject malicious JavaScript into the "v1/runs/ingest" endpoint by adding an empty citations field. This triggers a code path where...
CVE-2024-53974 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
IBM Cognos Controller Cross-Site Scripting Vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines (IBM). The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from a cross-site...
CVE-2024-56882
Sage DPW before 202412000 is vulnerable to Cross Site Scripting (XSS). Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...
PT-2025-6784 · Unknown · Bestinformed Web
Name of the Vulnerable Software and Affected Versions: bestinformed Web, affected versions not specified. Description: The issue arises from improper sanitization of user input in the bestinformed Web application, leading to multiple unauthenticated stored cross-site scripting vulnerabilities. An...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04975)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...
CVE-2025-1271
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...