2179 matches found
PT-2025-24968 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A reflected Cross-Site Scripting XSS issue affects the software. If a low-privileged attacker convinces a victim to visit a URL referencing a vulnerable page, malicious...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2025-25115 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this problem by manipulating the DOM environment to execute malicious JavaScript with...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2025-24967 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: The issue is a reflected Cross-Site Scripting XSS vulnerability. If an attacker with low privileges can convince a victim to visit a URL referencing a vulnerable page, maliciou...
Webkul Software Bagisto 跨站脚本漏洞
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A cross-site scripting vulnerability exists in Webkul Software Bagisto version v2.0.0, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...
CVE-2025-30084
A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or...
CVE-2025-41367
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41364
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41364 Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41364
CVE-2025-41364 is a Stored Cross-Site Scripting (XSS) vulnerability affecting IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The issue allows an attacker to store a malicious JavaScript payload that executes in a user’s browser. Exploitation requires authentication to the device and commands with v...
PT-2025-24097 · Idf +1 · Idf +1
Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability that allows an attacker to store malicious JavaScript payload in the software, which will run in the victim's...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-30084 Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla
A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to stored cross-site scripting XSS. The vulnerability is due to insufficient sanitization and validation of filenames with embedded JavaScript, allows an attacker to execute malicious JavaScript code in the context of other users’ browsers...
CVE-2025-47289
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...