2179 matches found

Veracode
added 2025/09/08 4:31 a.m., 8 views

Cross-Site Scripting (XSS)

Bootstrap is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of the data-loading-text attribute in the button plugin, which allows an attacker to inject and execute malicious JavaScript when the button’s loading state is triggered...

CVSS: 6.4, AI score: 6.4, EPSS: 0.00494
Exploits: 0, References: 5, Affected Software: 1
Snyk
added 2025/09/04 6:45 a.m., 0 views

Cross-site Scripting (XSS)

Overview: streamlit-shortcuts provides Streamlit keyboard shortcuts for your buttons. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the addshortcuts function, which fails to properly escape special characters when injecting JavaScript code into the DOM. Details...

CVSS: 6.1, AI score: 5.3
Exploits: 0, References: 3
Veracode
added 2025/09/03 5:54 a.m., 3 views

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input validation: user-supplied input in the googlegadget component is not sanitized, allowing remote attackers to inject malicious JavaScript...

CVSS: 6.9, AI score: 6.8, EPSS: 0.00203
Exploits: 0, References: 5, Affected Software: 3
RedhatCVE
added 2025/08/30 6:20 p.m., 5 views

CVE-2025-57425

A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00269
Exploits: 1, References: 1
Positive Technologies
added 2025/08/28 12:0 a.m., 4 views

PT-2025-35097

Name of the Vulnerable Software and Affected Versions: FormCms version 0.5.5

Description: FormCms version 0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible v...

CVSS: 6.9, AI score: 5.2, EPSS: 0.00198
Exploits: 1, References: 7
CVE
added 2025/08/20 4:45 p.m., 15 views

CVE-2025-6183

The StrongDM macOS client is affected by CVE-2025-6183 due to how it processes JSON-formatted messages, allowing an attacker to potentially modify macOS system configuration by crafting a malicious JSON payload. Documents confirm the affected product (StrongDM macOS client) and the underlying cau...

CVSS: 7, AI score: 6.5, EPSS: 0.00151
Exploits: 0, References: 1
Positive Technologies
added 2025/08/20 12:0 a.m., 9 views

PT-2025-34120 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier

Description: Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker could exploit this issue to inje...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00222
Exploits: 0, References: 6
Positive Technologies
added 2025/08/20 12:0 a.m., 5 views

PT-2025-34128 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier

Description: Adobe Experience Manager versions 6.5.22 and earlier are susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker can exploit this to inject malicious...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00222
Exploits: 0, References: 4
CNNVD
added 2025/08/18 12:0 a.m., 3 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00196
Exploits: 0, References: 2
RedhatCVE
added 2025/08/16 8:11 a.m., 5 views

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

CVSS: 8.3, AI score: 7.6, EPSS: 0.00359
Exploits: 0, References: 1
NVD
added 2025/08/14 8:15 a.m., 5 views

CVE-2025-27388

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

CVSS: 8.3, EPSS: 0.00359
Exploits: 0, References: 1
Cvelist
added 2025/08/14 7:15 a.m., 8 views

CVE-2025-27388 Arbitrary URL Loading in WebView Leading to Token Leakage Risk

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

CVSS: 8.3, EPSS: 0.00359
Exploits: 0, References: 1
Vulnrichment
added 2025/08/14 7:15 a.m., 3 views

CVE-2025-27388 Arbitrary URL Loading in WebView Leading to Token Leakage Risk

Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...

CVSS: 8.3, AI score: 7.5, EPSS: 0.00359
Exploits: 0, References: 1
CVE
added 2025/08/14 7:15 a.m., 26 views

CVE-2025-27388

CVE-2025-27388 describes an issue where loading arbitrary external URLs through WebView components can inject malicious JavaScript to steal user tokens. The initial entry notes high impact (CVSS 4.0 base score 8.3) with NETWORK attack vector and high confidentiality impact. Connected documents co...

CVSS: 8.3, AI score: 7.5, EPSS: 0.00359
Exploits: 0, References: 1
CNNVD
added 2025/08/14 12:0 a.m., 5 views

OPPO HEALTH APP Security Vulnerability

OPPO HEALTH APP is a health mobile app from China's OPPO. A security vulnerability exists in OPPO HEALTH APP, which originates from the introduction of malicious JS code via loading an arbitrary external URL via the WebView component, which may steal user tokens...

CVSS: 8.3, AI score: 7, EPSS: 0.00359
Exploits: 0, References: 1
Positive Technologies
added 2025/08/14 12:0 a.m., 4 views

PT-2025-33131 · Webview · Webview

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-27388

Description: Loading arbitrary external URLs through WebView components introduces malicious JavaScript (JS) code that can steal arbitrary user tokens.

Recommendations: At the moment, there is no information about a...

CVSS: 8.3, AI score: 6.4, EPSS: 0.00359
Exploits: 0, References: 5
CVE
added 2025/08/05 11:27 p.m., 52 views

CVE-2025-32430

CVE-2025-32430 – XWiki Platform Reflected XSS. Affected: XWiki Platform versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5, and 17.0.0-rc-1 through 17.2.2. Issue: two templates contain reflected XSS allowing attacker-controlled URLs to execute JavaScript in the victim’s session...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00591
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2025/08/05 8:15 p.m., 5 views

CVE-2025-51541

A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...

CVSS: 6.1, EPSS: 0.00365
Exploits: 1, References: 2
Vulnrichment
added 2025/08/05 2:32 p.m., 5 views

CVE-2025-46958 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS: 5.4, AI score: 5.1, EPSS: 0.0027
Exploits: 0, References: 1
NVD
added 2025/07/31 4:15 p.m., 6 views

CVE-2025-52203

A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...

CVSS: 7.6, EPSS: 0.00305
Exploits: 2, References: 2