2179 matches found

Vulnrichment
added 2025/03/21 11:50 a.m., 12 views

CVE-2025-2597 Reflected Cross-Site Scripting (XSS) vulnerability in ITIUM 6050

Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious JavaScript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code into the ‘idsession...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.00215
Exploits: 0 | References: 1
CVE
added 2025/03/21 11:50 a.m., 54 views

CVE-2025-2597

CVE-2025-2597 describes a reflected Cross-Site Scripting (XSS) vulnerability in Impact Technologies ITIUM 6050 (version 5.5.5.2-b3526). According to the sources, an attacker could execute arbitrary JavaScript by crafting GET/POST requests to the endpoint /index.php and injecting code via the par...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00215
Exploits: 0 | References: 1 | Affected Software: 1
CNNVD
added 2025/03/21 12:0 a.m., 2 views

Impact Technologies ITIUM 6050 cross-site scripting vulnerability

The Impact Technologies ITIUM 6050 is a versatile thin client from Impact Technologies, Inc. that meets the needs of organizations that use multimedia and video solutions on a daily basis and are looking for robust functionality and image quality, such as videoconferencing, video surveillance,...

CVSS: 6.1 | AI score: 6.6 | EPSS: 0.00215
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/20 10:10 a.m., 5 views

CVE-2024-0640 Stored XSS in chatwoot/chatwoot

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...

CVSS: 5.6 | AI score: 5.1 | EPSS: 0.00248
Exploits: 1 | References: 2
Cvelist
added 2025/03/20 10:10 a.m., 10 views

CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVSS: 5.5 | EPSS: 0.00272
Exploits: 1 | References: 1
CNNVD
added 2025/03/20 12:0 a.m., 5 views

Chatwoot cross-site scripting vulnerability

Chatwoot is an open source customer engagement suite, an alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A cross-site scripting vulnerability exists in Chatwoot versions 3.0.0 through 3.5.1. An attacker can exploit this vulnerability to injec...

CVSS: 5.6 | AI score: 5.4 | EPSS: 0.00248
Exploits: 1 | References: 2
Vulnrichment
added 2025/03/19 4:9 p.m., 9 views

CVE-2024-53970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS: 5.4 | AI score: 5 | EPSS: 0.00267
Exploits: 0 | References: 1
NVD
added 2025/03/17 3:15 p.m., 7 views

CVE-2025-25612

FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...

CVSS: 7.1 | EPSS: 0.00872
Exploits: 0 | References: 2
CVE
added 2025/03/17 12:0 a.m., 57 views

CVE-2025-25612

CVE-2025-25612 affects FS Inc S3150-8T2F: Cross-Site Scripting (XSS) in the Time Range Configuration of the administration interface. The vulnerability stems from improper sanitization in the Time Range Name field, allowing an attacker to inject JavaScript that executes in any user's browser (including admins) w...

CVSS: 7.1 | AI score: 6.2 | EPSS: 0.00872
Exploits: 0 | References: 2
Github Security Blog
added 2025/03/13 6:32 p.m., 16 views

MODX allows cross-site scripting (XSS) via an SVG file

A cross-site scripting (XSS) vulnerability has been identified in MODX prior to 3.1.0. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00234
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2025/03/11 1:15 a.m., 5 views

CVE-2025-26659

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to a DOM-based Cross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the...

CVSS: 6.1 | EPSS: 0.00221
Exploits: 0 | References: 2
NVD
added 2025/03/10 8:15 a.m., 11 views

CVE-2025-2150

The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email...

CVSS: 5.4 | EPSS: 0.00237
Exploits: 0 | References: 2
CVE
added 2025/03/10 7:12 a.m., 54 views

CVE-2025-2150

CVE-2025-2150 affects HGiga C&Cm@il. The vulnerability is a Stored Cross-Site Scripting (XSS) in the mail component, allowing remote attackers with regular privileges to send emails containing malicious JavaScript that executes in the recipient’s browser when viewed. Affected: C&Cm@il web app; ro...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00237
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/03/10 12:0 a.m., 1 views

HGiga C&Cm@il cross-site scripting vulnerability

HGiga C&Cm@il is an email collaboration system from China Henderson HGiga. A cross-site scripting vulnerability exists in HGiga C&Cm@il, which originates from stored cross-site scripting and could result in malicious JavaScript code being executed in the recipient's browser...

CVSS: 5.4 | AI score: 6.2 | EPSS: 0.00237
Exploits: 0 | References: 4
RedhatCVE
added 2025/03/06 2:41 a.m., 7 views

CVE-2025-26202

A Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings 2.4GHz & 5GHz bands in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00647
Exploits: 0 | References: 1
CNNVD
added 2025/03/04 12:0 a.m., 3 views

TeamPasswordManager security vulnerability

TeamPasswordManager is a password manager from the individual developer Ferran Barba. A security vulnerability exists in TeamPasswordManager version 12.162.284 and earlier, which stems from vulnerability to cross-site scripting attacks that allow execution of malicious JavaScript...

CVSS: 4.6 | AI score: 6.3 | EPSS: 0.00276
Exploits: 1 | References: 2
RedhatCVE
added 2025/03/01 7:25 a.m., 8 views

CVE-2024-5848

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

CVSS: 6.1 | AI score: 5.6 | EPSS: 0.00215
Exploits: 0 | References: 1
NVD
added 2025/02/28 12:15 a.m., 26 views

CVE-2025-25477

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...

CVSS: 8.1 | EPSS: 0.00388
Exploits: 1 | References: 1
OSV
added 2025/02/28 12:15 a.m., 5 views

CVE-2025-25477

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.00388
Exploits: 1 | References: 1
CNNVD
added 2025/02/28 12:0 a.m., 5 views

sysPass injection vulnerability

SysPass is a system password manager by RubénD Individual Developers. An injection vulnerability exists in sysPass version 3.2x, which stems from host header injection and could lead to the execution of malicious JS files...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.00388
Exploits: 1 | References: 2