CVE-2025-51859

Stored Cross-Site Scripting XSS vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model LLM to embed malicious script payloads...

CVE-2025-51860

Stored Cross-Site Scripting XSS in TelegAI telegai.com 2025-05-26 in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SVG XSS payloads in either description, greeting, example dialog, or system...

PT-2025-30412

Name of the Vulnerable Software and Affected Versions: ETQ Reliance CG legacy platform affected versions not specified Description: A reflected cross-site scripting XSS issue exists within the SQLConverterServlet component. This requires user interaction, such as clicking a crafted link, and may...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting XSS vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

WordPress plugin Gutentor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Gutentor plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, whi...

Simopro Technology WinMatrix3 安全漏洞

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a cross-site scripting vulnerability that stems from the application's lack of...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-16387)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2025-51400

CVE-2025-51400 is a stored XSS in Live Helper Chat’s Personal Canned Messages. Affected versions include 4.60 (and 4.61 per sources). Root cause is insufficient input validation/storage of crafted payloads in the Personal Canned Messages, enabling arbitrary JavaScript execution when an admin/oper...

CVE-2025-51403

Vulnerability : CVE-2025-51403 affects Live Helper Chat (v4.60/v4.61 era) in the department assignment editing module. The issue is a stored XSS via the Alias Nick field, caused by insufficient validation/escaping of user input. Impact : stored XSS could allow a logged-in user with low privileges...

CVE-2025-51401

CVE-2025-51401 is a stored XSS in the Live Helper Chat chat transfer function, triggered by crafting the operator name parameter. Affected version: Live Helper Chat v4.60 (and related references indicate ≤4.61 in some advisories). The underlying issue is unsanitized input stored and later rendere...