1275 matches found
salvo 跨站脚本漏洞
salvo is a web framework for Salvo open source . A cross-site scripting vulnerability exists in versions prior to salvo 0.88.1 , the vulnerability stems from the listhtml function does not properly clean up the path , which could lead to reflective cross-site scripting attacks...
Tarkov Data Manager 跨站脚本漏洞
Tarkov Data Manager is a database management tool from The Hideout open source. A cross-site scripting vulnerability exists in versions of Tarkov Data Manager prior to 02/01/2025, which stems from the presence of reflective cross-site scripting in the toast notification system that could lead to ...
WordPress plugin Stumble! for WordPress 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A cross-site scriptin...
NetVision Information ISOinsight 跨站脚本漏洞
NetVision Information ISOinsight is an operations and maintenance management platform from China-based NetVision Information. NetVision Information ISOinsight suffers from a cross-site scripting vulnerability that stems from the presence of reflective cross-site scripting, which could allow an...
TechStore 安全漏洞
TechStore is a subscription software platform from TechStore Inc. in the United Arab Emirates. A security vulnerability exists in TechStore version 1.0, which stems from the id parameter not being encoded or cleaned up, which could lead to a reflective cross-site scripting attack...
Kentico Xperience 跨站脚本漏洞
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the administration interface, which can be exploited by an attacker to execute...
Kentico Xperience 跨站脚本漏洞
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience 跨站脚本漏洞
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...
Jorani 跨站脚本漏洞
Jorani is a leave management system by Benjamin BALET, an individual developer in France. It is intended to provide a simple workflow for leave and overtime requests for small organizations. A cross-site scripting vulnerability exists in Jorani version 1.0.3, which stems from the presence of...
Inventory Management System 安全漏洞
Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System version 1, which originates from a reflective cross-site scripting in the /index.php/cuzh4 component that could lead to the execution of...
WordPress plugin Social Media Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A cross-site scripting vulnerabili...
WordPress plugin WP to LinkedIn Auto Publish 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripti...
WordPress plugin HandL UTM Grabber / Tracker 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...
XWiki Platform 安全漏洞
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from vulnerability to reflective cross-site scripting attacks...
CVE-2025-34409
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
MailEnable 跨站脚本漏洞
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...
MailEnable 跨站脚本漏洞
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
TalentSoft UNIS 跨站脚本漏洞
TalentSoft UNIS is a talent management system from TalentSoft Turkey. A cross-site scripting vulnerability exists in TalentSoft UNIS versions prior to 42957, which stems from improper input neutralization and could lead to reflective cross-site scripting...
MailEnable 跨站脚本漏洞
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
NiceGUI 跨站脚本漏洞
NiceGUI is an easy-to-use, Python-based UI framework open-sourced by NiceGUI. A cross-site scripting vulnerability exists in NiceGUI 3.3.1 and earlier versions, which stems from insufficient cleanup and escaping of the ui.addcss, ui.addscss, and ui.addsass functions, and could lead to a reflectiv...