Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-16387)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

Emby Windows 跨站脚本漏洞

Emby Windows is a media playback application for the Windows platform developed by Emby LLC that supports Windows 10, 11 and later systems. Emby Windows suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVE-2024-42912

A cross-site scripting XSS vulnerability in META-INF Kft. Email This Issue Data Center before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message...

Advantech iView Cross-Site Scripting Vulnerability (CNVD-2025-17827)

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

Advantech iView Cross-Site Scripting Vulnerability

Advantech iView is a Simple Network Protocol SNMP based software from Advantech, China to manage B + B SmartWorx devices. A cross-site scripting vulnerability exists in Advantech iView due to improper validation of user-supplied input. An attacker could use this vulnerability to execute...

CVE-2025-34111

An unauthenticated arbitrary file upload vulnerability exists in Tiki Wiki CMS Groupware version 15.1 and earlier via the ELFinder component's default connector connector.minimal.php, which allows remote attackers to upload and execute malicious PHP scripts in the context of the web server. The...

CVE-2025-53834

Caido is a web security auditing toolkit. A reflected cross-site scripting XSS vulnerability was discovered in Caido’s toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match and Scope. This could allow an attacker to craft...

CVE-2024-42912

A cross-site scripting XSS vulnerability in META-INF Kft. Email This Issue Data Center before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the recipient field of an e-mail message...

CVE-2025-53924 Emlog vulnerable to stored Cross-site Scripting in links functionality

Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the siteurl parameter. It is possible to inject malicious code into siteurl parameter...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by tricking the user into visiting a crafted URL. Details Cross-site scripting or XSS is a code...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious payloads through user-controllable input fields. Details Cross-site scripting o...

CVE-2025-6977

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pmgetmessengernotification’ function in all versions up to, and including, 5.9.5.4 due to insufficient input sanitization and output escaping. This makes it possib...

Cross-site Scripting (XSS)

Overview org.webjars.bowergithub.kazupon:vue-i18n is an Internationalization plugin for Vue.js Affected versions of this package are vulnerable to Cross-site Scripting XSS when performing translations with escapeParameterHtml set to true. An attacker can execute arbitrary JavaScript code in the...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems...

PT-2025-29746 · Nanbu · Nanbu Welcart E-Commerce

Name of the Vulnerable Software and Affected Versions: nanbu Welcart e-Commerce versions through 2.11.16 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This can potentially lead to the...

META-INF Kft. Email This Issue 安全漏洞

META-INF Kft. Email This Issue is an advanced email management plugin for Jira from Hungarian company META-INF Kft. A security vulnerability exists in versions prior to META-INF Kft. Email This Issue 9.13.0-GA, which stems from the injection of a specially crafted payload into the recipient field...