CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

Uchida Yoko wivia 跨站脚本漏洞

The Uchida Yoko wivia is a presentation aid from Uchida Yoko Japan that wirelessly projects a computer screen to a display device such as a projector. A cross-site scripting vulnerability exists in Uchida Yoko wivia that originates from cross-site scripting and could lead to the execution of...

Dassault Systèmes Product Manager 跨站脚本漏洞

Dassault Systèmes Product Manager is a product management software from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Product Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, which originates from stored cross-site scripting and could...

Dassault Systèmes Collaborative Industry Innovator 跨站脚本漏洞

Dassault Systèmes Collaborative Industry Innovator is a software for collaborative management from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, which originates...

Dassault Systèmes Collaborative Industry Innovator 跨站脚本漏洞

Dassault Systèmes Collaborative Industry Innovator is a software for collaborative management from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Collaborative Industry Innovator versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x, which stems from...

Dassault Systèmes Project Portfolio Manager 跨站脚本漏洞

Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes, France. It is responsible for developing and implementing the project portfolio management process. A cross-site scripting vulnerability exists in Dassault Systèmes Project Portfolio Manager 3DEXPERIENCE R2022x...

Dassault Systèmes Product Manager 跨站脚本漏洞

Dassault Systèmes Product Manager is a product management software from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes Product Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x, which originates from stored cross-site scripting and could...

PT-2025-23261 · Wivia 5 · Wivia 5

Name of the Vulnerable Software and Affected Versions: Wivia 5 affected versions not specified Description: A cross-site scripting issue exists. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the...

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

Medium: yelp-xsl

Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp-xsl...

WordPress plugin Smash Balloon Social Photo Feed 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Smash Balloon Social Photo Feed plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...

RHEL 9 : firefox (RHSA-2025:8293)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8293 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

ALSA-2025:8308 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential local code execution ...

[SECURITY] [DLA 4185-1] yelp-xsl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS -...

[SECURITY] [DSA 5927-1] yelp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5927-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2025 https://www.debian.org/security/faq -...

DRUPAL-CONTRIB-2025-072

This module addresses the General Data Protection Regulation GDPR and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...

Debian dla-4184 : libyelp-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4184 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4184-1 [email protected] https://www.debian.org/lts/security/...

Debian dla-4185 : yelp-xsl - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4185 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/...

CVE-2025-5263

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

UBUNTU-CVE-2025-5263

Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability affects Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...