33 matches found
CVE-2025-13672
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-13672 Reflected Cross-Site Scripting discovered in OpenText WSM Management Server.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
PT-2026-20944
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript inside URL parameters that was then rendered with the preview of the...
CVE-2025-67483
A flaw was found in MediaWiki. This cross-site scripting (XSS) vulnerability occurs due to improper neutralization of input during web page generation within the resources/src/mediawiki.Page.Preview.Js program file. A remote attacker with high privileges could exploit this flaw to inject malicious...
CVE-2025-67483
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...
UBUNTU-CVE-2025-67483
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...
CVE-2025-67483 Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...
Cross-site Scripting (XSS)
Overview mediawiki/core is a Free software wiki application developed by the Wikimedia Foundation and others. Note: This package is not maintained on Packagist anymore, but newer releases exist. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the...
CVE-2025-67483
CVE-2025-67483 is a Wikimedia MediaWiki XSS vulnerability in the file resources/src/mediawiki.Page.Preview.Js. It affects MediaWiki releases prior to 1.43.6, 1.44.3, and 1.45.1. According to NVD, the issue is a Web Page Generation input handling flaw with CVSSv3.1: Severity MEDIUM (6.1), attack v...
CVE-2025-67483 Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js. This issue affects MediaWiki: from before 1.43.6, 1.44.3, 1.45.1...
CVE-2025-61637
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Action/mediawiki.Action.Edit.Preview.Js, resources/src/mediawiki.Page.Preview.Js...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper processing of page preview URLs. An authenticated attacker can execute arbitrary JavaScript...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNet.Mvc5.Libraries contains the assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. Does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...
CVE-2023-53738
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions...
CVE-2023-53738 Kentico Xperience <= 13.0.109 Page Preview Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions...
CVE-2023-53738
CVE-2023-53738 is a reflected XSS vulnerability in Kentico Xperience. An authenticated user can inject malicious scripts via crafted page preview URLs, with impact described as execution of scripts in the victim’s browser during page preview interactions. Concrete remediation in the connected doc...
CVE-2023-53738 Kentico Xperience <= 13.0.109 Page Preview Reflected XSS
A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions...
Kentico Xperience Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
GHSA-CQX4-9VQF-Q3M8 Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
Summary This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the page preview functionality. An attacker can access unpublished content and potentially expose sensitive information by exploiting predictable URLs without proper authorization...