CVE-2025-46993 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is an application developed by Adobe for creating, organizing and publishing digital content. It helps organizations manage their websites, mobile applications and other digital experiences more easily through an integrated interface. Users can utilize different tools and...

CVE-2025-47053

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...

CVE-2025-47053

Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. A cross-site scripting vulnerability exists in Adobe Experience Manager, which can be...

CVE-2025-4779

lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting XSS. An unauthenticated attacker can inject malicious JavaScript into the v1/runs/ingest endpoint by adding an empty citations field, triggering a code path where dangerouslySetInnerHTML is used to render...

CVE-2025-49542

The CVE-2025-49542 issue is a reflected Cross-Site Scripting (XSS) vulnerability in Adobe ColdFusion affecting versions 2025.2, 2023.14, 2021.20 and earlier. An unauthenticated attacker can lure a user to a URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s bro...

CVE-2025-49542 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of...

CVE-2025-50367

CVE-2025-50367 corresponds to a stored blind XSS vulnerability in the Contact Page of Phpgurukul Medical Card Generation System 1.0 (mcgs/contact.php). The root cause is improper sanitization/cleanup of the name field, enabling JavaScript injection. Public sources (NVD, Red Hat, CNVD, CNVD, PT-Se...

CVE-2024-56916

In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...

Cross-Site Scripting (XSS)

Mezzanine CMS is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization in the displayablelinksjs function, allowing attackers to inject malicious JavaScript into blog post titles that executes in another admin's browser...

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

CVE-2025-6050 Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting XSS vulnerability in the admin interface. The vulnerability exists in the "displayablelinksjs" function, which fails to properly sanitize blog post titles before including them in JSON responses served via...

CVE-2025-49185

The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source...

CVE-2025-32466

A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15564)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15738)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15562)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15656)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-15815)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...