Lucene search

6712 matches found

CNNVD
added 2025/06/10 12:0 a.m. | 1 view

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...

5.4 CVSS | 6.1 AI score | 0.00293 EPSS
Exploits 0 | References 2

Snyk
added 2025/06/09 1:41 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the collector, which does not properly sanitize user input. An attacker can execute arbitrary script code within the context of a user's browser, enabling them to hijack sessions, exfiltrate sensitive...

8.1 CVSS | 5.4 AI score | 0.00352 EPSS
Exploits 0 | References 2

RedHat Linux
added 2025/06/09 1:29 p.m. | 2 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6 CVSS | 5.8 AI score | 0.95057 EPSS
Exploits 6 | References 5

RedHat Linux
added 2025/06/09 4:54 a.m. | 5 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

RedHat Linux
added 2025/06/09 3:1 a.m. | 3 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

CNNVD
added 2025/06/09 12:0 a.m. | 2 views

WordPress plugin History Log by click5 cross-site scripting vulnerability

WordPress History Log by click5 is a plugin for tracking user activity and logging changes to your website. A cross-site scripting vulnerability exists in WordPress History Log by click5. The vulnerability stems from improper input neutralization and can be exploited by an attacker to execute...

6.5 CVSS | 5.9 AI score | 0.00204 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2025/06/09 12:0 a.m. | 7 views

RHEL 8 : thunderbird (RHSA-2025:8628)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8628 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Out-of-bounds access when resolving...

9.8 CVSS | 7.7 AI score | 0.08927 EPSS
Exploits 1 | References 19

OSV
added 2025/06/06 2:4 p.m. | 3 views

OESA-2025-1608 yelp security update

Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute...

7.4 CVSS | 7.2 AI score | 0.10259 EPSS
Exploits 1 | References 2

CNVD
added 2025/06/06 12:0 a.m. | 3 views

Medical Card Generation System HTML Injection Vulnerability

Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from an HTML injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the pagedes parameter of admin/contactus.php, which can be...

6.1 CVSS | 7.5 AI score | 0.00228 EPSS
Exploits 1 | References 1

RedHat Linux
added 2025/06/05 5:16 p.m. | 2 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

GithubExploit
added 2025/06/05 2:54 p.m. | 179 views

Exploit for Cross-site Scripting in Devaslanphp Project_Management

Exploit Title: Project Management - Stored XSS Google Do...

7.6 CVSS | 5.2 AI score | 0.00305 EPSS
Exploits 2

RedHat Linux
added 2025/06/05 12:34 p.m. | 8 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2025/06/05 12:0 a.m. | 5 views

RHEL 9 : thunderbird (RHSA-2025:8599)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8599 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Out-of-bounds access when resolving...

9.8 CVSS | 7.7 AI score | 0.08927 EPSS
Exploits 1 | References 19

RedHat Linux
added 2025/06/04 11:46 a.m. | 12 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update ...

8.1 CVSS | 6.8 AI score | 0.00351 EPSS
Exploits 0 | References 5

CNNVD
added 2025/06/04 12:0 a.m. | 1 view

WordPress plugin WP Easy Contact cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress WP Easy Contact plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...

6.4 CVSS | 6.2 AI score | 0.00187 EPSS
Exploits 0 | References 3

CNNVD
added 2025/06/03 12:0 a.m. | 2 views

TOTOLINK X2000R security vulnerability

The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...

4.8 CVSS | 6.2 AI score | 0.00299 EPSS
Exploits 1 | References 6

RedHat Linux
added 2025/06/02 2:12 a.m. | 3 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

RedhatCVE
added 2025/06/01 2:47 p.m. | 4 views

CVE-2025-4990

A stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7 CVSS | 6.1 AI score | 0.0026 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/06/01 2:47 p.m. | 4 views

CVE-2025-4986

A stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7 CVSS | 6.1 AI score | 0.0026 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/06/01 2:47 p.m. | 6 views

CVE-2025-4991

A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7 CVSS | 6.1 AI score | 0.0026 EPSS
Exploits 0 | References 1