CVE-2025-59985
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in a field on the Purging Policy page that, when visited by another user, enables the attacker to execute commands with the...
PT-2025-41421
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos Space versions prior to 24.1R4. Description: An issue exists in Juniper Networks Junos Space that allows an attacker to inject script tags into a field on the Purging Policy page. When another user visits the affected page...
EUVD-2024-48192
Malicious code in bioql PyPI...
CVE-2024-7225
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /Script/admin/core/updatepolicy of the component Edit Insurance Policy Page. The manipulation of the argument pname leads to cross site...
Akamai Secure Internet Access Enterprise ThreatAvert security vulnerability
Akamai Secure Internet Access Enterprise ThreatAvert (Akamai SIA ThreatAvert) is a security and personalization service from Akamai, Inc. in the United States. A security vulnerability exists in Akamai Secure Internet Access Enterprise ThreatAvert that stems from incorrect authorization controls fo...
Dell Secure Connect Gateway cross-site scripting vulnerability
Dell Secure Connect Gateway is a secure connectivity gateway from Dell (USA). Dell Secure Connect Gateway has a cross-site scripting vulnerability: the policy page of the Policy Manager contains a stored cross-site scripting flaw. No detailed...
CVE-2022-25630
An authenticated user can embed malicious content with XSS into the admin group policy page...
CVE-2022-25630
Broadcom Symantec Messaging Gateway is affected by CVE-2022-25630, a stored XSS vulnerability exploitable by an authenticated user on the admin group policy page. Public details describe an authenticated user injecting payloads via the AdminGroupPolicyFlow$save.flo endpoint, with the issue enabli...
PT-2022-17423 · Symantec · Messaging Gateway
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an authenticated user to embed malicious content with XSS into the admin group policy page. This could potentially lead to cross-site...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.3.6 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
HackerOne: Attachment object in GraphQL continues to grant access to files, even if they are removed from rendering
Summary: Hi team, Our team noticed that youprogram can attach files to the policy page. These files can be anything, images, text, archive, etc. In other words, these files may or may not contain sensitive information. Our team believes that the data that can be attached in different vectors is hi...
HackerOne: Private program policy page still accessible after user left the program
Hi Team, Summary: I have found a critical sensitive information disclosure, I'm not sure if this is a result of a new HackerOne UI update, I observed that some of the UI has been changed such as Hacktivity etc. BUG: Now all private program policy page together with the updates is visible to me...
The vulnerability of the policy.jsp script in the Email Encryption Gateway allows a hacker to execute arbitrary SQL queries.
The vulnerability of the policy.jsp script in the Email Encryption Gateway system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries using the hidEditld parameter...
wholesalecabinetswarehouse.com XSS vulnerability
Vulnerable URL: https://www.wholesalecabinetswarehouse.com/policy.php?policy=1"...
Unfixed XSS vulnerability at www.desktopsmiley.com
Security researcher holisticinfosec submitted on 19/05/2009 a cross-site scripting (XSS) vulnerability affecting www.desktopsmiley.com, which at the time of submission ranked 48154 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/12/2011. ...