2176 matches found
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Webkul Software Bagisto 跨站脚本漏洞
Webkul Software Bagisto is an open source e-commerce framework from Webkul Software, India. A cross-site scripting vulnerability exists in Webkul Software Bagisto version v2.0.0, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...
CVE-2025-30084
A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or...
CVE-2025-41367
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41364
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41364 Stored Cross-Site Scripting (XSS) vulnerability in IDF and ZLF
Stored Cross-Site Scripting XSS vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...
CVE-2025-41364
CVE-2025-41364 is a Stored Cross-Site Scripting (XSS) vulnerability affecting IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. The issue allows an attacker to store a malicious JavaScript payload that executes in a user’s browser. Exploitation requires authentication to the device and commands with v...
PT-2025-24097 · Idf +1 · Idf +1
Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability that allows an attacker to store malicious JavaScript payload in the software, which will run in the victim's...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-30084 Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla
A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized before being stored and rendered. An attacker can inject malicious JavaScript code into text fields or...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to stored cross-site scripting XSS. The vulnerability is due to insufficient sanitization and validation of filenames with embedded JavaScript, allows an attacker to execute malicious JavaScript code in the context of other users’ browsers...
CVE-2025-47289
CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting XSS vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject malicious JavaScript into the testimonial description field. Once submitted, if the shop owner admin...
CVE-2024-5962
A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...
CVE-2025-21616
Plane is an open-source project management tool. A cross-site scripting XSS vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
CVE-2024-48120
X2CRM v8.5 is vulnerable to a stored Cross-Site Scripting XSS in the "Opportunities" module. An attacker can inject malicious JavaScript code into the "Name" field when creating a list...