CVE-2025-62249

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

CVE-2025-61255

Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting XSS vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection...

CVE-2025-61255

CVE-2025-61255 is a cross-site scripting (XSS) vulnerability affecting the Bank Locker Management System by PHPGurukul, exploitable through the /search parameter where unsanitized input allows arbitrary HTML/JavaScript injection. This can lead to information disclosure and user redirection. The i...

Taguette 跨站脚本漏洞

Taguette is a qualitative research tool by the individual developer Remi Rampin. A cross-site scripting vulnerability exists in Taguette versions prior to 1.5.0, which stems from a project member being able to insert JavaScript code into a name or description field, potentially leading to a...

CVE-2025-11925

Incorrect Content-Type header in one of the APIs text/html instead of application/json replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-60374

This CVE describes a Stored XSS in Perfex CRM’s chatbot feature prior to v3.3.1. The vulnerability allows injected HTML/JavaScript to execute in users’ browsers when viewing chat messages, enabling client-side code execution and potential session token theft. Affected product: Perfex CRM (chatbot...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

GHSA-GXP8-M5RQ-3M38 QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-11184

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

QGIS QWC2 Registration GUI 安全漏洞

The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...

QGIS QWC2 安全漏洞

QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...

CVE-2025-56683

A cross-site scripting XSS vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file...

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

CVE-2025-61788

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

EUVD-2025-33290

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

EUVD-2025-33169

Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting XSS due to the lack of input sanitization on the product name parameter Nombre:Producto allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...

CVE-2025-61998

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the...