6712 matches found

OSV
added 2025/09/15 11:15 a.m. | 2 views

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

CVSS 5.4 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 2

NVD
added 2025/09/15 11:15 a.m. | 2 views

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

CVSS 7 | EPSS 0.0024
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/15 10:15 a.m. | 3 views

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

CVSS 7 | AI score 5.6 | EPSS 0.0024
Exploits: 0 | References: 2

CNNVD
added 2025/09/15 12:0 a.m. | 3 views

M-Files Hubshare Security Vulnerability

M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents, and collaborative content. A security vulnerability exists in M-Files Hubshare versions prior to 25.8, which stems from stored cross-site scripting and could lead to script execution by...

CVSS 7.8 | AI score 5.8 | EPSS 0.0024
Exploits: 0 | References: 1

CNNVD
added 2025/09/13 12:0 a.m. | 1 views

Unmark Code Injection Vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

CVSS 5.4 | AI score 6 | EPSS 0.00262
Exploits: 1 | References: 5

NVD
added 2025/09/11 8:15 a.m. | 6 views

CVE-2025-8318

The Jobify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘keyword’ parameter in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4 | EPSS 0.00216
Exploits: 0 | References: 3

CNVD
added 2025/09/11 12:0 a.m. | 3 views

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2025-21206)

SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP...

CVSS 6.1 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 1

CNVD
added 2025/09/11 12:0 a.m. | 2 views

SAP NetWeaver ABAP Platform Cross-Site Scripting Vulnerability

SAP NetWeaver ABAP Platform is an all-in-one technology platform from SAP. SAP NetWeaver ABAP Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execu...

CVSS 6.1 | AI score 6 | EPSS 0.00205
Exploits: 0 | References: 1

OSV
added 2025/09/10 6:30 p.m. | 2 views

GHSA-66X6-8JGV-QPFH Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting

A stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks...

CVSS 4.6 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 5

NVD
added 2025/09/10 5:15 p.m. | 4 views

CVE-2025-43785

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...

CVSS 6.1 | EPSS 0.00209
Exploits: 0 | References: 1

CVE
added 2025/09/10 4:19 p.m. | 15 views

CVE-2025-43785

CVE-2025-43785 is a stored XSS in Liferay Portal 7.4.3.45–7.4.3.128 and Liferay DXP 2024 Q2.0–Q2.9, 2024.Q1.1–Q1.12, and 7.4 update 45–update 92. The vulnerability affects the My Workflow Tasks page and can allow remote attackers to inject arbitrary script/HTML. Root cause and affected component ...

CVSS 6.1 | AI score 5.1 | EPSS 0.00209
Exploits: 0 | References: 1 | Affected Software: 2

Vulnrichment
added 2025/09/10 4:19 p.m. | 1 views

CVE-2025-43785

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks pa...

CVSS 4.6 | AI score 5.1 | EPSS 0.00209
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Debian dsa-5995 : libhsqldb1.8.0-java - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-5995 advisory. Debian Security Advisory DSA-5995-1 https://www.debian.org/security/ Moritz...

CVSS 5.5 | AI score 6.3 | EPSS 0.7436
Exploits: 0 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-47759

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. GLPI is a free Asset and IT management software package. A technician can upload an SVG containing a malicious script. The script will then be executed when any...

CVSS 6.7 | AI score 5 | EPSS 0.00418
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/10 12:0 a.m. | 3 views

PT-2025-37067

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.45 through 7.4.3.128; Liferay DXP versions 2024 Q1.1 through 2024.Q1.12; Liferay DXP versions 2024 Q2.0 through 2024.Q2.9; Liferay versions 7.4 update 45 through update 92. Description: A stored cross-site scripting...

CVSS 6.1 | AI score 5.6 | EPSS 0.00209
Exploits: 0 | References: 10

Snyk
added 2025/09/09 9:30 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search bar portlet when user-supplied input in the URL is not properly sanitized. An attacker can execute arbitrary web scripts in the context of the user's browser by tricking a user into clicking a...

CVSS 6.1 | AI score 5.3 | EPSS 0.00216
Exploits: 0 | References: 2

Snyk
added 2025/09/09 6:31 p.m. | 3 views

Improper Encoding or Escaping of Output

Overview: org.webjars.npm:element-plus is a component library for Vue 3. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...

CVSS 8.7 | AI score 7.1 | EPSS 0.00215
Exploits: 1 | References: 2

Snyk
added 2025/09/09 6:31 p.m. | 3 views

Improper Encoding or Escaping of Output

Overview: element-plus is a component library for Vue 3. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious sites, or conduct...

CVSS 8.7 | AI score 7.1 | EPSS 0.00215
Exploits: 1 | References: 2

NVD
added 2025/09/09 10:15 a.m. | 6 views

CVE-2025-48208

Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache HertzBeat. The attacker needs to have an authenticated account with access, and the attack can only be triggered by crafting custom commands. A successful attack would result in arbitrary...

CVSS 8.8 | EPSS 0.00589
Exploits: 0 | References: 2

CVE
added 2025/09/09 9:31 a.m. | 15 views

CVE-2025-48208

CVE-2025-48208 describes an LDAP Injection vulnerability in Apache HertzBeat up to version 1.7.2. An attacker with an authenticated account can trigger the flaw by crafting custom LDAP queries, potentially resulting in arbitrary script execution. Remediation: upgrade to version 1.7.3 (fixes the i...

CVSS 8.8 | AI score 6.4 | EPSS 0.00589
Exploits: 0 | References: 2 | Affected Software: 1