
6712 matches found

NVD
added 2025/07/25 5:15 p.m., 6 views

CVE-2025-45406

A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

CVSS 6.1, EPSS 0.00297
Exploits 2, References 4

CNVD
added 2025/07/25 12:0 a.m., 1 view

WordPress User Registration Plugin Cross-Site Scripting Vulnerability

WordPress User Registration Plugin is a plugin for extending the functionality of WordPress, mainly used to create custom user registration forms, manage user accounts and implement membership features. WordPress User Registration Plugin suffers from a cross-site scripting vulnerability that stem...

CVSS 6.4, AI score 6.1, EPSS 0.0028
Exploits 0, References 1

CNVD
added 2025/07/25 12:0 a.m., 1 view

WordPress Qwizcards plugin cross-site scripting vulnerability

WordPress Qwizcards plugin is a plugin for the WordPress platform that is mainly used to create online quiz, question-and-answer test and flashcard content. WordPress Qwizcards plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

CVSS 6.1, AI score 6.1, EPSS 0.00441
Exploits 0, References 1

CNVD
added 2025/07/25 12:0 a.m., 2 views

Simopro Technology WinMatrix3 Cross-Site Scripting Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 6.1, AI score 6.1, EPSS 0.00288
Exploits 0, References 1

Cvelist
added 2025/07/25 12:0 a.m., 8 views

CVE-2025-45406

A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

EPSS 0.00297
Exploits 2, References 4

CNVD
added 2025/07/25 12:0 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-17110)

Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems...

CVSS 5.4, AI score 6.1, EPSS 0.00254
Exploits 0, References 1

Tenable Nessus
added 2025/07/25 12:0 a.m., 21 views

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications...

CVSS 9.8, AI score 7.4, EPSS 0.99957
Exploits 9, References 29

OSV
added 2025/07/23 6:30 p.m., 4 views

GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

CVSS 4.8, AI score 5.4, EPSS 0.00552
Exploits 3, References 4

RedHat Linux
added 2025/07/23 2:25 p.m., 5 views

gitk: git script execution flaw

There's a vulnerability in gitk where a user can be tricked into running malicious scripts supplied by the attacker when running the gitk filename command. When successfully exploited, this vulnerability may result in arbitrary code execution...

CVSS 8.6, AI score 7.6, EPSS 0.00314
Exploits 0, References 6

RedhatCVE
added 2025/07/23 12:57 a.m., 5 views

CVE-2025-51396

A stored cross-site scripting (XSS) vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVSS 5.4, AI score 5.8, EPSS 0.00814
Exploits 4, References 1

RedhatCVE
added 2025/07/23 12:57 a.m., 5 views

CVE-2025-51398

A stored cross-site scripting (XSS) vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVSS 5.4, AI score 5.8, EPSS 0.00814
Exploits 4, References 1

RedhatCVE
added 2025/07/23 12:57 a.m., 5 views

CVE-2025-51400

A stored cross-site scripting (XSS) vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVSS 5.4, AI score 5.8, EPSS 0.00814
Exploits 4, References 1

IBM Security Bulletins
added 2025/07/22 6:7 p.m., 7 views

Security Bulletin: Host Header Injection Vulnerability in IBM Operations Analytics - Log Analysis (CVE-2024-40686)

Summary: Host header vulnerability in IBM Operations Analytics - Log Analysis allows remote attackers to execute scripts within the application context via remote file inclusion. This has been addressed. Vulnerability Details: CVEID: CVE-2024-40686. DESCRIPTION: IBM SmartCloud Analytics - Log Analysi...

CVSS 6.1, AI score 6.7, EPSS 0.00171
Exploits 0, Affected Software 1

NVD
added 2025/07/22 3:15 p.m., 3 views

CVE-2025-51860

Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

CVSS 6.1, EPSS 0.00269
Exploits 2, References 1

RedHat Linux
added 2025/07/22 12:3 p.m., 3 views

gitk: git script execution flaw

There's a vulnerability in gitk where a user can be tricked into running malicious scripts supplied by the attacker when running the gitk filename command. When successfully exploited, this vulnerability may result in arbitrary code execution...

CVSS 8.6, AI score 7.6, EPSS 0.00314
Exploits 0, References 6

CNNVD
added 2025/07/22 12:0 a.m., 1 view

ETQ Reliance CG Security Vulnerability

ETQ Reliance CG is a quality management system from ETQ Corporation. A security vulnerability exists in ETQ Reliance CG that stems from the SQLConverterServlet component being susceptible to a reflective cross-site scripting attack, which could lead to the execution of unauthorized scripts in the...

CVSS 5.1, AI score 6.2, EPSS 0.01782
Exploits 0, References 5

CNNVD
added 2025/07/22 12:0 a.m., 2 views

WordPress plugin WP-Members Membership Plugin Cross-Site Scripting Vulnerability

WordPress WP-Members Membership plugin is a free membership plugin for WordPress, which is mainly used to restrict access to website content and support user login, registration and personalized user profile management. WordPress WP-Members Membership plugin suffers from a cross-site scripting...

CVSS 6.4, AI score 6, EPSS 0.0028
Exploits 0, References 7

Cvelist
added 2025/07/22 12:0 a.m., 8 views

CVE-2025-51860

Stored Cross-Site Scripting (XSS) in TelegAI (telegai.com) 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

EPSS 0.00269
Exploits 2, References 1

CVE
added 2025/07/22 12:0 a.m., 13 views

CVE-2025-51860

TelegAI (telegai.com) is affected by a Stored XSS (CVE-2025-51860) in its chat component and character container. The vulnerability allows an attacker to craft an AI Character with SVG XSS payloads in fields such as description, greeting, example dialog, or system prompt, causing arbitrary client...

CVSS 6.1, AI score 5.5, EPSS 0.00269
Exploits 2, References 1

Cvelist
added 2025/07/22 12:0 a.m., 9 views

CVE-2025-51859

Stored Cross-Site Scripting (XSS) vulnerability in Chaindesk through 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model (LLM) to embed malicious script payloads...

EPSS 0.00417
Exploits 1, References 1