CVE-2026-41525

KDE Dolphin prior to 25.12.3 is affected. The issue arises when running inside a Flatpak or with AppArmor confinement, where Dolphin’s FileManager1 protocol can accept a path to any file type (including scripts or executables) and open it outside the application sandbox without proper scrutiny. B...

Domoticz 跨站脚本漏洞

Domoticz is an open-source smart home system developed by the Domoticz company. This system supports the monitoring and control of various smart home devices. Versions of Domoticz prior to 2026.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web interface’s...

Cisco Finesse XSS (cisco-sa-cc-xss-MrNAH5Jh)

According to its self-reported version, Cisco Finesse is affected by a cross-site scripting vulnerability in the web-based management interface due to insufficient validation of user-supplied input. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user of the...

CVE-2025-36226

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2018-25157

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability: authenticated users can inject scripts via crafted file names during document uploads, with SVG-embedded payloads executing in the browser and potentially stealing cookies or redirecting users when the file is viewed. Root cau...

CVE-2020-36956

Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing th...

Cross-site Scripting (XSS)

Overview @questdb/web-console is a QuestDB Web Console Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Web Console component. An attacker can inject and execute arbitrary scripts by submitting crafted input that is not properly sanitized. Details Cross-site...

EUVD-2022-5612

Malicious code in bioql PyPI...

EUVD-2025-25276

Malicious code in bioql PyPI...

EUVD-2022-4271

Malicious code in bioql PyPI...

PT-2025-32604 · Sap · Sap Netweaver Application Server Abap

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server for ABAP affected versions not specified Description: SAP NetWeaver Application Server for ABAP is susceptible to a cross-site scripting issue. An unauthenticated attacker can create a URL containing a malicio...

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVE-2025-3087

Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts...

CVE-2024-20539

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input...

PT-2024-19705 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To...

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

SUSE CVE-2023-39320

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules...

SUSE CVE-2017-1000393

Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was suppose...