TencentOS Server 3: libreoffice (TSSA-2024:0293)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0293 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Dassault Systèmes Project Portfolio Manager 安全漏洞

Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes France. It is responsible for developing and implementing the project portfolio management process. A security vulnerability exists in Dassault Systèmes Project Portfolio Manager that stems from a stored cross-si...

CVE-2025-49580

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

GHSA-JM43-HRQ7-R7W6 XWiki allows privilege escalation through link refactoring

Impact Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability affects all version of XWiki since 8.2 and 7.4.5...

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

CVE-2025-49580

Summary of CVE-2025-49580 : XWiki platforms are affected by a privilege-escalation vulnerability where pages can gain script or programming rights if a link target is renamed or moved, potentially allowing execution of scripts in xobjects. Affected versions include 7.4.5 through 16.4.7 and 8.2 th...

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.11 MFSA 2025-46, bsc1243353: CVE-2025-5262: Double-free in libvpx encoder bmo1962421 CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745...

CVE-2025-28380

A cross-site scripting XSS vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-12789)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-12788)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-12787)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-12786)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-14294)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14293)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14291)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14290)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14289)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

CVE-2025-28380

Summary of CVE-2025-28380 : OpenC3 COSMOS is affected by an XSS vulnerability that enables execution of arbitrary web scripts/HTML via a crafted payload in a URL parameter, observed in versions prior to 6.0.2. The reports consistently identify the vulnerable component as the web-facing URL parame...