IBM Watson Studio on Cloud Pak for Data Cross-Site Scripting Vulnerability

IBM Watson Studio on Cloud Pak for Data is an intelligent search and text analytics platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Watson Studio on Cloud Pak for Data versions 4.0 and 5.0, which stems from the application's lack of effective...

WordPress plugin Ocean Extra 跨站脚本漏洞

WordPress Ocean Extra plugin is a free plugin for the WordPress platform, designed for the OceanWP theme, aiming to enhance the website building experience by adding extra functionality and flexibility. A cross-site scripting vulnerability exists in the WordPress Ocean Extra plugin, which stems...

CVE-2025-58059

Valtimo scripting engine vulnerability (CVE-2025-58059) affects Valtimo BPM platform prior to 12.16.0.RELEASE and 13.0.0.RELEASE to before 13.1.2.RELEASE. An admin who can create/modify and execute process definitions could access sensitive data or resources on the host (e.g., executing host exec...

WordPress plugin Add Code To Head 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Add Code To Head exists cross-site scripting vulnerability, the vulnerability stems fro...

CVE-2025-20296

A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

PT-2025-34880 · Gitblit · Gitblit

Name of the Vulnerable Software and Affected Versions: Gitblit version 1.7.1 Description: Gitblit version 1.7.1 contains a reflected cross-site scripting XSS flaw due to insufficient input sanitization of filename elements when handling repository path names. An attacker can inject a crafted path...

Linux Distros Unpatched Vulnerability : CVE-2020-4046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in...

PT-2025-34730 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security issue exists in 1000projects Online Project Report Submission and Evaluation System 1.0. The vulnerability is related to a cross-site...

CVE-2025-55620

A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the user creation process via the /admin/settings/users/create endpoint, where file uploads are insufficiently sanitized due to improper MIME type validation. An attacker can execute arbitrary JavaScript in t...

Group Office 跨站脚本漏洞

Group Office is a modular office suite from the Dutch company Group Office. A cross-site scripting vulnerability exists in Group Office versions prior to 6.8.119 and prior to 25.0.20, which stems from a cross-site scripting attack that could lead to the execution of arbitrary script...

Linux Distros Unpatched Vulnerability : CVE-2018-6110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML...

JVN#72111431: Multiple vulnerabilities in Group-Office

Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-53504 Path traversal CWE-22...

CVE-2025-55522

Akaunting 3.1.18 contains a Cross-site Scripting (XSS) vulnerability in the /common/reports component. The flaw allows an attacker to inject arbitrary web scripts or HTML via the name parameter, leading to potential user–level impact consistent with XSS. Root cause is improper handling/encoding o...

WordPress BaiduXZH Submit plugin cross-site scripting vulnerability

WordPress BaiduXZH Submit plugin is a third-party WordPress plugin, mainly used for automatic submission of website content to Baidu Bear Paw, to achieve rapid inclusion within 24 hours, and support for original protection features. WordPress BaiduXZH Submit plugin has a cross-site scripting...

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the id parameter in the liveedit.modulesettings API endpoint allowing arbitrary JavaScript execution...

CVE-2025-51488

MoonShine, a Laravel-based admin panel, is affected by CVE-2025-51488 due to a Stored XSS in the Create Admin flow. The vulnerability arises from improper sanitization of the Name parameter when creating a new Admin, allowing an attacker to store and execute arbitrary JavaScript in victims’ brows...

Linux Distros Unpatched Vulnerability : CVE-2024-52336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...

Linux Distros Unpatched Vulnerability : CVE-2025-3155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to...