
5082 matches found

CVE
added 2025/01/30 11:19 a.m. · 54 views

CVE-2025-0746

CVE-2025-0746 concerns EmbedAI (≤2.1). A reflected XSS flaw exists in the /embedai/users/show/ endpoint, enabling an authenticated attacker to craft a malicious URL that injects JavaScript executed when the target user opens it. Affected products: EmbedAI versions 2.1 and earlier. The provided so...

CVSS 6.1 · AI score 6 · EPSS 0.00203
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2025/01/30 12:0 a.m. · 3 views

EmbedAI cross-site scripting vulnerability

EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. EmbedAI suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could inject malicious JavaScript code into messages...

CVSS 8.6 · AI score 6.2 · EPSS 0.0022
Exploits 0 · References 1

CNNVD
added 2025/01/30 12:0 a.m. · 5 views

EmbedAI cross-site scripting vulnerability

EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A cross-site scripting vulnerability exists in EmbedAI version 2.1 and prior versions. An attacker exploiting this vulnerability could inject malicious JavaScript code...

CVSS 6.1 · AI score 6 · EPSS 0.00203
Exploits 0 · References 1

CVE
added 2025/01/27 3:49 p.m. · 53 views

CVE-2024-37527

IBM OpenPages with Watson 8.3 and 9.0 are affected by a cross-site scripting vulnerability in the Web UI. An authenticated user can embed arbitrary JavaScript, potentially altering functionality and disclosing credentials in a trusted session. Affected products/versions: IBM OpenPages with Watson...

CVSS 5.4 · AI score 6.2 · EPSS 0.00209
Exploits 0 · References 1 · Affected Software 1

NVD
added 2025/01/23 10:15 p.m. · 15 views

CVE-2024-57329

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads...

CVSS 5.4 · EPSS 0.00252
Exploits 1 · References 1

CVE
added 2025/01/23 12:0 a.m. · 55 views

CVE-2024-57329

HortusFox v3.9 is affected by a stored XSS in the Add Plant function. The name field does not sanitize/escape input, enabling injection and execution of arbitrary JavaScript payloads. Several connected sources confirm the vulnerability as a stored XSS (CVE-2024-57329) and note a temporary workaro...

CVSS 5.4 · AI score 6.3 · EPSS 0.00252
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2025/01/23 12:0 a.m. · 11 views

CVE-2024-57329

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads...

EPSS 0.00252
Exploits 1 · References 1

NVD
added 2025/01/21 9:15 p.m. · 7 views

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

CVSS 5.4 · EPSS 0.00776
Exploits 2 · References 3

Cvelist
added 2025/01/21 12:0 a.m. · 10 views

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

EPSS 0.00776
Exploits 2 · References 3

Vulnrichment
added 2025/01/21 12:0 a.m. · 7 views

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

AI score 5.5 · EPSS 0.00776
Exploits 2 · References 3

Positive Technologies
added 2025/01/21 12:0 a.m. · 4 views

PT-2025-2901 · IBM · IBM Robotic Process Automation For Cloud Pak

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.19; IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.19. Description: This issue allows an authenticated user to embed arbitrary JavaScript cod...

CVSS 5.4 · AI score 6.6 · EPSS 0.00199
Exploits 0 · References 7

CVE
added 2025/01/16 5:13 p.m. · 58 views

CVE-2024-41746

CVE-2024-41746 affects IBM CICS TX Advanced 10.1 and 11.1, and IBM CICS TX Standard 11.1. The Red Hat/IBM and CVE records consistently describe a stored cross-site scripting flaw in the Web UI that enables embedding of arbitrary JavaScript, potentially altering functionality and leading to creden...

CVSS 7.2 · AI score 6.3 · EPSS 0.00228
Exploits 0 · References 1 · Affected Software 1

0day.today
added 2025/01/15 12:0 a.m. · 193 views

Microweber 2.0.9 Cross Site Scripting Vulnerability

Microweber versions 2.0.9 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2024-33298 Stored Cross Site Scripting vulnerability in Microweber .jpg on /media/default/ 6. Go back to the endpoint /admin/module/view?type=adminbackup and click on "Upload file" 7...

CVSS 6.1 · AI score 5.5 · EPSS 0.0109
Exploits 6

NVD
added 2025/01/13 8:15 p.m. · 29 views

CVE-2025-22142

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...

CVSS 6.3 · EPSS 0.0027
Exploits 1 · References 2

OSV
added 2025/01/13 7:56 p.m. · 9 views

CVE-2025-22142 Cross-site Scripting in NamelessMC

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...

CVSS 6.3 · AI score 7.2 · EPSS 0.0027
Exploits 1 · References 4

CNNVD
added 2025/01/13 12:0 a.m. · 2 views

NamelessMC security vulnerability

NamelessMC is free, easy-to-use and powerful website software for Minecraft servers from the NamelessMC team, with a large set of features. A security vulnerability previously existed in NamelessMC version 2.1.3, which stemmed from the ability for administrators to add functionality tha...

CVSS 6.3 · AI score 6.7 · EPSS 0.0027
Exploits 1 · References 2

Veracode
added 2025/01/09 4:31 a.m. · 7 views

Reflected Cross-Site Scripting (Reflected XSS)

tltneon/lgsl is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper sanitization of the Referer HTTP header, allowing an attacker to inject arbitrary JavaScript code into the application's HTML response...

CVSS 5.3 · AI score 6.2 · EPSS 0.00599
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2025/01/07 5:11 p.m. · 14 views

PHP-Textile has persistent XSS vulnerability in image link handling

Details: Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...

AI score 6.1
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2025/01/04 12:0 a.m. · 3 views

Optimizely EPiServer.CMS.Core security vulnerability

Optimizely EPiServer.CMS.Core is a content management system core from Optimizely. A security vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.22.0. An attacker can exploit this vulnerability to inject and execute arbitrary JavaScript code...

CVSS 5.7 · AI score 7.1 · EPSS 0.00313
Exploits 0 · References 1

CNVD
added 2025/01/03 12:0 a.m. · 5 views

WordPress plugin wp-publications cross-site scripting vulnerability

WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. The WordPress plugin wp-publications has a cross-site scripting vulnerability; the vulnerability stems from...

CVSS 4.8 · AI score 7.5 · EPSS 0.0116
Exploits 3 · References 1