2179 matches found
HCL Domino Volt 安全漏洞
HCL Domino Volt is a low-code application development solution based on the Domino platform from HCL India. A security vulnerability exists in HCL Domino Volt, which stems from an insecure default file type filtering policy that could lead to the execution of malicious JavaScript...
CVE-2025-32960
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2022-28851
Adobe Experience Manager versions 6.5.13.0 and earlier is affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
Laravel Starter Cross Site Scripting (XSS)
Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting XSS in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field...
CVE-2025-32961 CUBA JPA Web API Vulnerable to Cross-Site Scripting (XSS) in the /download Endpoint
The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name...
CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
GHSA-HG25-W3VG-7279 XSS in the /download Endpoint of the JPA Web API
Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
XSS in the /files Endpoint of the Generic REST API
Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
Jmix 跨站脚本漏洞
Jmix is a set of libraries and tools from Jmix, Inc. for accelerating Spring Boot data-centric application development. A cross-site scripting vulnerability exists in Jmix versions 1.0.0 through 1.6.1 and 2.0.0 through 2.3.4, which stems from improperly manipulated file paths and could lead to...
WonderCMS 3.4.2 - Remote Code Execution (RCE)
Exploit Title: WonderCMS 3.4.2 - Remote Code Execution RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2023-41425 import requests import...
CVE-2025-3760
A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...
CVE-2025-30292 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...
CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...
PT-2025-15661 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier ColdFusion versions 2023.12 ColdFusion versions 2021.18 Description: The issue is a reflected Cross-Site Scripting XSS vulnerability. If an attacker convinces a victim to visit a URL referencing a...
CVE-2025-3189
Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...
CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP
Stored Cross-Site Scripting XSS in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it...
GHSA-V2RR-FHV8-MX74 wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
CVE-2024-11847
The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks...
Cross-site Scripting (XSS)
Overview org.webjars.bower:ContentTools is an A JS library for building WYSIWYG editors for HTML content Affected versions of this package are vulnerable to Cross-site Scripting XSS via the onload attribute in img that allows attackers to inject malicious Javascript code. Details Cross-site...