CVE-2024-49754

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result i...

CVE-2024-45592

auditor-bundle, formerly known as DoctrineAuditBundle, integrates auditor library into any Symfony 3.4+ application. Prior to version 5.2.6, there is an unescaped entity property enabling Javascript injection. This is possible because %sourcelabel% in twig macro is not escaped. Therefore script...

CVE-2024-45799

FluxCP is a web-based Control Panel for rAthena servers written in PHP. A javascript injection is possible via venders/buyers list pages and shop names, that are currently not sanitized. This allows executing arbitrary javascript code on the user's browser just by visiting the shop pages. As a...

CVE-2024-2050

CWE-79: Improper Neutralization of Input During Web Page Generation ‘Cross-site Scripting’ vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product...

CVE-2024-31199

A “CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'” allows malicious users to permanently inject arbitrary Javascript code...

CVE-2024-53843

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...

IBM Security Verify Access 跨站脚本漏洞

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

CVE-2024-57237

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting XSS in the /reqproc/procget endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the...

CVE-2024-53943

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...

USN-7250-1 netdata vulnerabilities

It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18836 It was discovered that Netdata incorrectly handled parsing HT...

CVE-2024-53943

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...

CVE-2024-57237

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting XSS in the /reqproc/procget endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the...

CVE-2024-47116

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2024-49807

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

IBM Financial Transaction Manager 跨站脚本漏洞

IBM Financial Transaction Manager is a financial transaction manager from International Business Machines IBM. The product is primarily used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in IBM Financial Transaction Manager that...

TeamCal Neo 跨站脚本漏洞

TeamCal Neo is a calendar-based web application from the individual developer George Lewe. A cross-site scripting vulnerability exists in TeamCal Neo version 3.8.2. An attacker can exploit this vulnerability to execute malicious JavaScript code by injecting code via the abs parameter in...

CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...

CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...

CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...

CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...