30 matches found
Gitroom Postiz Cross-Site Scripting Vulnerability
Gitroom Postiz is an open-source social media scheduling tool developed by Gitroom. Versions of Gitroom Postiz from 2.21.6 to 2.21.7 contained a cross-site scripting vulnerability. This vulnerability allowed any authenticated user to store arbitrary HTML in post content by manipulating saved...
CVE-2025-12518
The beefree.io SDK is vulnerable to stored XSS in the Social Media icon URL parameter in the email builder functionality. A malicious attacker can inject arbitrary HTML and JS into a template, which will be rendered/executed when visiting the preview page. However, due to beefree's Content Security Policy not all...
CVE-2025-61550
Cross-Site Scripting (XSS) is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 (fixed in 19.69). User-supplied input is stored and later rendered in HTML pages without prope...
CVE-2025-12815
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate...
CVE-2025-12815
Summary of CVE-2025-12815 (AWS RES): An ownership verification issue exists in the Virtual Desktop preview page of the Research and Engineering Studio (RES) on AWS, affecting versions prior to 2025.09. A remote user with network access may be able to view metadata from another user’s active desk...
EUVD-2020-9402
Malware in sbrugna...
CVE-2024-7299
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross-site scripting. The attack may...
CVE-2024-42562
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoicenumber parameter at preview.php...
CVE-2024-7299 Bolt CMS Entry Preview page cross site scripting
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in Bolt CMS 3.7.1. It has been rated as problematic. This issue affects some unknown processing of the file /preview/page of the component Entry Preview Handler. The manipulation of the argument body leads to cross-site scripting. The attack may...
PT-2024-38246 · Bolt Cms · Bolt Cms
Name of the Vulnerable Software and Affected Versions: Bolt CMS version 3.7.1 Description: A vulnerability was found in the Entry Preview Handler component, affecting the processing of the file /preview/page. The manipulation of the body argument leads to cross-site scripting. The attack can be...
Bolt CMS Cross-Site Scripting Vulnerability
Bolt CMS is an open-source, PHP-based content management system. A cross-site scripting vulnerability exists in Bolt CMS version 3.7.1, which stems from the body parameter in the file /preview/page. No detailed vulnerability details are currently...
CVE-2024-22637
Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /formbuilder/preview.php?formid=2...
PHPJabbers Callback Widget Cross-Site Scripting Vulnerability
PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A security vulnerability exists in PHPJabbers Callback Widget that stems from a cross-site scripting vulnerability in the theme parameter of preview.php...
Class Scheduling System Cross-Site Scripting Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0 due to a cross-site scripting (XSS) vulnerability in the theme parameter of preview.php...
CVE-2023-33564
There is a cross-site scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3...
GZ Scripts Car Listing Script PHP Cross-Site Scripting Vulnerability
GZ Scripts Car Listing Script PHP is a script from GZ Scripts, Inc. GZ Scripts Car Listing Script PHP suffers from a cross-site scripting vulnerability that stems from an unknown issue with /preview.php...
GZ Scripts Property Listing Script Cross-Site Scripting Vulnerability
GZ Scripts Property Listing Script is a real estate software from GZ Scripts, Inc. A cross-site scripting vulnerability exists in GZ Scripts Property Listing Script that stems from an unknown issue with /preview.php...
GZ Scripts PHP Vacation Rental Script Cross-Site Scripting Vulnerability
GZ Scripts PHP Vacation Rental Script is a powerful web-based vacation rental software from GZ Scripts. A cross-site scripting vulnerability exists in GZ Scripts PHP Vacation Rental Script, which stems from an unknown issue with /preview.php...
CVE-2023-3538
A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross-site scripting. The attack can be initiated remotely. VDB-233290 ...