Lucene search

6712 matches found

Vulnrichment
added 2025/08/04 10:8 p.m. · 3 views

CVE-2025-4604

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...

CVSS 6.9 · AI score 7.5 · EPSS 0.00146
Exploits 0 · References 1
NVD
added 2025/08/04 3:15 p.m. · 5 views

CVE-2025-26065

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

CVSS 7.3 · EPSS 0.00343
Exploits 1 · References 4
Positive Technologies
added 2025/08/04 12:0 a.m. · 7 views

PT-2025-31808 · Intelbras · Intelbras Rx 1500 +1

Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 version 2.2.9; Intelbras RX3000 version 1.0.11. Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the name of a visiting Wi-Fi...

CVSS 7.3 · AI score 5.5 · EPSS 0.00343
Exploits 1 · References 7
Positive Technologies
added 2025/08/04 12:0 a.m. · 5 views

PT-2025-31872

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.80 through 7.4.3.132; Liferay DXP versions 2024.Q1.1 through 2024.Q1.19; Liferay DXP versions 2024.Q2.0 through 2024.Q2.13; Liferay DXP versions 2024.Q3.0 through 2024.Q3.13; Liferay DXP versions 2024.Q4.0 through...

CVSS 6.9 · AI score 6.8 · EPSS 0.00146
Exploits 0 · References 9
Positive Technologies
added 2025/08/04 12:0 a.m. · 5 views

PT-2025-32149 · Unknown · Cl4/6Nx-J Plus +1

Name of the Vulnerable Software and Affected Versions: CL4/6NX Plus versions prior to 1.15.5-r1; CL4/6NX-J Plus (Japan model) versions prior to 1.15.5-r1. Description: The CL4/6NX Plus and CL4/6NX-J Plus devices are susceptible to arbitrary Lua script execution. This occurs due to the ability to uplo...

CVSS 9.8 · AI score 9.6 · EPSS 0.00674
Exploits 0 · References 10
Positive Technologies
added 2025/08/04 12:0 a.m. · 4 views

PT-2025-31830 · Austrian Archaeological Institute · Openatlas

Name of the Vulnerable Software and Affected Versions: Austrian Archaeological Institute (AI) OpenAtlas version 8.11.0. Description: OpenAtlas contains a cross-site scripting (XSS) issue. Attackers can inject a crafted payload into the Name field, enabling the execution of arbitrary web scripts or HTM...

CVSS 8.1 · AI score 6 · EPSS 0.0037
Exploits 1 · References 6
Vulnrichment
added 2025/08/04 12:0 a.m. · 4 views

CVE-2025-26065

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network...

AI score 5.6 · EPSS 0.00343
Exploits 1 · References 3
Tenable Nessus
added 2025/08/04 12:0 a.m. · 8 views

Amazon Linux 2023 : git, git-all, git-core (ALAS2023-2025-1108)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1108 advisory. When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option Support per-file encoding must have be...

CVSS 8.6 · AI score 8.1 · EPSS 0.02775
Exploits 9 · References 12
RedhatCVE
added 2025/08/02 8:23 p.m. · 8 views

CVE-2025-26064

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connected device...

CVSS 7.3 · AI score 5.5 · EPSS 0.00908
Exploits 2 · References 1
RedhatCVE
added 2025/08/02 8:23 p.m. · 4 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

CVSS 6.1 · AI score 5.8 · EPSS 0.00182
Exploits 0 · References 1
RedhatCVE
added 2025/08/02 8:23 p.m. · 4 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVSS 8 · AI score 6.6 · EPSS 0.00203
Exploits 0 · References 1
CNNVD
added 2025/08/02 12:0 a.m. · 1 view

WordPress plugin All in One Time Clock Lite cross-site scripting vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employees' working hours and supports employee/volunteer/contractor attendance recording and report generation. The WordPress All in One Time Clock Lite plugin suffers from a cross-site scripting vulnerability that stems from th...

CVSS 6.1 · AI score 5.8 · EPSS 0.00199
Exploits 0 · References 3
CNNVD
added 2025/08/01 12:0 a.m. · 1 view

WordPress plugin BlockSpare cross-site scripting vulnerability

WordPress Blockspare plugin is a visual page builder plugin for WordPress that focuses on simplifying the website building process through drag and drop operations. WordPress Blockspare plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

CVSS 6.4 · AI score 6 · EPSS 0.00229
Exploits 0 · References 3
CNNVD
added 2025/08/01 12:0 a.m. · 2 views

WordPress plugin SureForms security vulnerability

WordPress SureForms plugin is a visual form builder plugin for WordPress that supports drag-and-drop operation, so responsive forms can be built quickly without programming experience. WordPress SureForms plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective...

CVSS 5.8 · AI score 6 · EPSS 0.00167
Exploits 0 · References 2
CNVD
added 2025/08/01 12:0 a.m. · 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18563)

Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 5.8 · EPSS 0.00272
Exploits 0 · References 1
Vulnrichment
added 2025/08/01 12:0 a.m. · 5 views

CVE-2025-45778

A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field...

AI score 5.3 · EPSS 0.00293
Exploits 1 · References 2
Snyk
added 2025/07/31 2:50 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through crafted requests. An attacker can execute arbitrary scripts in the context of a user's browser by submitting crafted input to the title, categoryTitle, or tmpTag parameters. Details: Cross-site scripting ...

CVSS 6.1 · AI score 5.5 · EPSS 0.00345
Exploits 0 · References 2
OSV
added 2025/07/31 8:15 a.m. · 3 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVSS 8 · AI score 5.8 · EPSS 0.00203
Exploits 0 · References 2
NVD
added 2025/07/31 8:15 a.m. · 4 views

CVE-2025-54757

Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be executed on the browser...

CVSS 8 · EPSS 0.00203
Exploits 0 · References 2
NVD
added 2025/07/31 8:15 a.m. · 5 views

CVE-2025-36563

Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser...

CVSS 6.1 · EPSS 0.00182
Exploits 0 · References 2