PT-2025-18331 · Hcl · Hcl Domino Volt
Name of the Vulnerable Software and Affected Versions: HCL Domino Volt (affected versions not specified). Description: The issue concerns an unsafe default file type filter policy that allows the upload of .html files, leading to the execution of unsafe JavaScript in deployed applications. This coul...
CVE-2025-40615
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-40616
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40616 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40616
Bookgy’s CVE-2025-40616 is a reflected XSS in the IDRESERVA parameter of /bkg_imprimir_comprobante.php. The vulnerability arises from unsanitized input reflected in the response, allowing an attacker to execute JavaScript in the victim’s browser. Connected sources confirm the issue but do not spe...
CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting XSS vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
YesWiki Stored XSS Vulnerability in Comments
Summary: A stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the showUploadForm method; any malicious unauthenticated user can create a link that can be clicked on in the victim context to perform arbitrary actions. An attacker can execute arbitrary JavaScript code by...
CVE-2025-3929
CVE-2025-3929 concerns the MDaemon Email Server (versions 25.0.1 and below). The issue is a stored XSS vulnerability where an attacker can send a specially crafted HTML email containing JavaScript in an img tag. When viewed in a webmail client, this could execute arbitrary JavaScript in the user’...
CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting XSS attack by submitting malicious payloads in the libraryId field. The...
PT-2025-18174 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy (affected versions not specified). Description: A Reflected Cross-Site Scripting (XSS) issue exists, allowing an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL through the IDRESERVA...
CVE-2025-3706
The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks...
CVE-2025-3706
Summary: CVE-2025-3706 affects the eHRMS from 104 Corporation. The vulnerability is a Reflected Cross-Site Scripting flaw that enables unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing attacks. Affected software: eHRMS (V202412 and prior versions me...
CVE-2025-29526
A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary JavaScript by injecting a crafted payload into the SearchTerm parameter...
CVE-2025-32951
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
CVE-2022-44760
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...
CVE-2022-44760
CVE-2022-44760 concerns HCL Leap where an unsafe default file type filter policy in Leap permits execution of unsafe JavaScript in deployed applications. The root cause listed is the default file type filtering policy, leading to potential unsafe script execution. Documented impacts indicate unsa...
CVE-2022-44760 HCL Leap is affected by an unrestricted upload of file with dangerous type vulnerability
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...