5938 matches found
pgAdmin security vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 9.1 and earlier versions, which stems from a cross-site scripting attack that could result in arbitrary HTML or JavaScript executio...
GHSA-MQQG-XJHJ-WFGW Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
Impact: Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to valid responses. By...
Stored XSS in Miniflux when opening a broken image due to unescaped ServerError in proxy handler
Impact: Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to valid responses. By...
CVE-2024-45699
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...
Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS
Exploit Title: Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS Date: 09/2024 Exploit Author: Haythem Arfaoui CBTW Team Vendor Homepage: https://www.elaine.io/ Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/ Version: 6.18.17 and below Tested on: Windows, Linu...
Amazon Linux 2 : firefox (ALASFIREFOX-2025-036)
The version of firefox installed on the remote host is prior to 128.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2025-036 advisory. Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability...
CVE-2025-3019
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions. This can lead to information loss and/or modification of existin...
CVE-2025-3019 Cross-site scripting vulnerabilities in KNIME Business Hub web pages
KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions. This can lead to information loss and/or modification of existin...
CVE-2025-27405
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, makes it possible to embed arbitrary JavaScript into Icinga Web and to act on behalf of tha...
CVE-2025-2869
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...
CVE-2025-2870
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...
CVE-2025-2868
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...
CVE-2025-2870 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /patientside.php...
CVE-2025-2870
CVE-2025-2870 is a reflected Cross-Site Scripting (XSS) vulnerability in the Clinic Queuing System v1.0. The issue arises via the page parameter in /patient_side.php, enabling an attacker to induce the victim’s browser to execute injected JavaScript when the link is used. This is documented acros...
CVE-2025-2869 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...
CVE-2025-2869
CVE-2025-2869 is a reflected XSS vulnerability in Clinic Queuing System version 1.0. The issue arises from the id parameter in /manage_user.php, allowing an attacker to inject JavaScript that executes in a victim’s browser when the URL is viewed. Connected sources corroborate a reflective XSS pat...
CVE-2025-2868
The CVE-2025-2868 entry describes a Reflected XSS in Clinic Queuing System version 1.0. The vulnerability allows an attacker to execute JavaScript in a victim’s browser by supplying a malicious URL to the page parameter in /index.php. Affected software is the Clinic Queuing System (v1.0). The pro...
CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System
Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...