
5947 matches found

CVE
added 2025/02/04 8:51 p.m., 69 views

CVE-2025-22602

Discourse vulnerability CVE-2025-22602: Stored DOM-based XSS via video placeholders in Discourse posts can allow arbitrary JavaScript execution in users’ browsers when CSP is disabled. Descriptions across multiple sources confirm the issue is triggered by a malicious video placeholder HTML elemen...

CVSS 6.5, AI score 6.7, EPSS 0.00335
Exploits 0, References 1, Affected Software 1

AlpineLinux
added 2025/02/04 2:15 p.m., 5 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

CVSS 5.4, AI score 8.7, EPSS 0.01276
Exploits 0, References 3

NVD
added 2025/02/04 2:15 p.m., 10 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

CVSS 5.4, EPSS 0.01276
Exploits 0, References 3

OSV
added 2025/02/04 2:15 p.m., 6 views

CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

CVSS 5.4, AI score 6.8
Exploits 0, References 3

Vulnrichment
added 2025/02/04 1:58 p.m., 6 views

CVE-2025-1015 Unsanitized address book fields

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

AI score 6.9, EPSS 0.01276
Exploits 0, References 3

Cvelist
added 2025/02/04 1:58 p.m., 13 views

CVE-2025-1015 Unsanitized address book fields

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

EPSS 0.01276
Exploits 0, References 3

FreeBSD
added 2025/02/04 12:00 a.m., 15 views

Thunderbird -- unprivileged JavaScript code execution

[email protected] reports: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the Other field of the Instant Messaging section. If another user...

CVSS 5.4, AI score 7.1, EPSS 0.01276
Exploits 0, References 1

CVE
added 2025/02/03 12:00 a.m., 54 views

CVE-2024-53943

CVE-2024-53943 affects NRadio N8-180 NROS-1.9.2.n3.c5. The endpoint "/cgi-bin/luci/nradio/basic/radio" is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to inject JavaScript into the SSID field that runs in the admin’s browser when they log in. Documented impact...

CVSS 6.1, AI score 6, EPSS 0.0029
Exploits 0, References 3

Positive Technologies
added 2025/02/03 12:00 a.m., 3 views

PT-2025-4849 · Phpoffice · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: phpoffice/phpspreadsheet versions prior to 1.29.9; phpoffice/phpspreadsheet versions prior to 2.1.8; phpoffice/phpspreadsheet versions prior to 2.3.7; phpoffice/phpspreadsheet versions prior to 3.9.0. Description: The issue is related to a bypass...

CVSS 5.4, AI score 6.2, EPSS 0.00387
Exploits 0, References 9

OSV
added 2025/01/30 3:31 p.m., 9 views

GHSA-MM49-4F2G-C3WF DevDojo Voyager vulnerable to reflected Cross-site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary JavaScript can be executed...

CVSS 5.1, AI score 4.2, EPSS 0.23851
Exploits 1, References 5

CVE
added 2025/01/30 12:00 a.m., 95 views

CVE-2024-55416

Summary: CVE-2024-55416 affects DevDojo Voyager up to version 1.8.0. The issue is a reflected Cross-Site Scripting (XSS) vulnerability triggered via the /admin/compass endpoint, requiring an authenticated user to click a crafted link. The attack can execute arbitrary JavaScript in the administrat...

CVSS 3.5, AI score 5.7, EPSS 0.23851
Exploits 1, References 3, Affected Software 1

Cvelist
added 2025/01/30 12:00 a.m., 14 views

CVE-2024-55416

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary JavaScript can be executed...

EPSS 0.23851
Exploits 1, References 3

Talos Blog
added 2025/01/29 4:45 p.m., 27 views

Whatsup Gold, Observium and Offis vulnerabilities

Cisco Talos' Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries a...

CVSS 8.7, AI score 8.5, EPSS 0.69952
Exploits 7

Veracode
added 2025/01/29 2:33 a.m., 7 views

Cross-Site Scripting (XSS)

phpmyadmin/phpmyadmin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in table or database names within the check tables feature, allowing an attacker to execute arbitrary JavaScript in the victim's browser...

CVSS 6.4, AI score 6.1, EPSS 0.00403
Exploits 0, References 5, Affected Software 2

NVD
added 2025/01/28 10:15 p.m., 22 views

CVE-2024-57514

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

CVSS 4.8, EPSS 0.00865
Exploits 0, References 1

Cvelist
added 2025/01/28 12:00 a.m., 11 views

CVE-2025-22917

A reflected cross-site scripting (XSS) vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

EPSS 0.0024
Exploits 0, References 1

CNNVD
added 2025/01/28 12:00 a.m., 3 views

TP-LINK Archer A20 security vulnerability

TP-LINK Archer A20 is a router from China P&L TP-LINK. A security vulnerability exists in TP-LINK Archer A20 version v3, which originates from improper handling of directory listing paths in the web interface. An attacker can exploit the vulnerability to inject malicious code into a page and...

CVSS 4.8, AI score 6.9, EPSS 0.00865
Exploits 0, References 1

Vulnrichment
added 2025/01/28 12:00 a.m., 7 views

CVE-2024-57514

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

AI score 5, EPSS 0.00865
Exploits 0, References 1

CNNVD
added 2025/01/27 12:00 a.m., 3 views

IBM OpenPages with Watson cross-site scripting vulnerability

IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines (IBM). The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...

CVSS 5.4, AI score 5.8, EPSS 0.00209
Exploits 0, References 1

Positive Technologies
added 2025/01/27 12:00 a.m., 2 views

PT-2025-11082

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (ZCS) versions 9.0, 10.0, and 10.1; Zimbra Collaboration Suite versions 9.0.0 Patch 44, 10.0.13, and 10.1.5 and earlier. Description: Zimbra Collaboration Suite (ZCS) contains a stored cross-site scripting (XSS) flaw in the...

CVSS 5.5, AI score 7.4, EPSS 0.04241
Exploits 1, References 62