
6714 matches found

OSV
added 2025/05/07 7:11 p.m. · 3 views

RLSA-2024:4242 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.3 CVSS · 7 AI score · 0.01008 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/07 12:24 a.m. · 21 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.4 CVSS · 5.6 AI score · 0.00261 EPSS
Exploits 1 · References 1
CNVD
added 2025/05/07 12:0 a.m. · 3 views

TOTOLINK N150RT IP Port Filtering Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the IP Port Filtering component, whi...

4.8 CVSS · 6.5 AI score · 0.03306 EPSS
Exploits 1 · References 1
CNVD
added 2025/05/07 12:0 a.m. · 10 views

IBM Operational Decision Manager Cross-Site Scripting Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines (IBM) used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

6.1 CVSS · 6.2 AI score · 0.00212 EPSS
Exploits 0 · References 1
CNNVD
added 2025/05/06 12:0 a.m. · 1 views

Wiesemann & Theis Web-IO Cross-Site Scripting Vulnerability

Wiesemann & Theis Web-IO is a Wiesemann & Theis component for small to medium-sized remote IO and monitoring applications over TCP/IP Ethernet. A cross-site scripting vulnerability exists in Wiesemann & Theis Web-IO that originates from a configuration web page where multiple fields can be inject...

5.4 CVSS · 6.2 AI score · 0.00232 EPSS
Exploits 0 · References 2
NVD
added 2025/05/05 6:15 p.m. · 8 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.4 CVSS · 0.00261 EPSS
Exploits 1 · References 3
Cvelist
added 2025/05/05 12:0 a.m. · 8 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

0.00261 EPSS
Exploits 1 · References 3
Vulnrichment
added 2025/05/05 12:0 a.m. · 5 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.3 AI score · 0.00261 EPSS
Exploits 1 · References 3
CVE
added 2025/05/05 12:0 a.m. · 60 views

CVE-2025-45236

Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...

5.4 CVSS · 5.5 AI score · 0.00261 EPSS
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2025/05/05 12:0 a.m. · 3 views

PT-2025-19751 · Dbsyncer · Dbsyncer

Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6. Description: A stored cross-site scripting (XSS) issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations: For...

5.4 CVSS · 5.3 AI score · 0.00261 EPSS
Exploits 1 · References 8
OSV
added 2025/05/02 12:59 p.m. · 6 views

CLSA-2025-1746190792 libreoffice: Fix of 2 CVEs

CVE-2022-38745: avoid unnecessary empty -Djava.class.path= - CVE-2024-3044: add notify for script execution...

7.8 CVSS · 5.9 AI score · 0.01008 EPSS
Exploits 0 · References 1
OSV
added 2025/04/30 9:15 p.m. · 2 views

CVE-2022-42449

Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...

5.4 CVSS · 5.9 AI score · 0.00218 EPSS
Exploits 0 · References 1
Cvelist
added 2025/04/30 2:55 p.m. · 25 views

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

9 CVSS · 0.00286 EPSS
Exploits 0 · References 3
CNVD
added 2025/04/30 12:0 a.m. · 4 views

WordPress plugin Able Player cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Able Playe...

6.4 CVSS · 6.3 AI score · 0.00245 EPSS
Exploits 0 · References 1
CNNVD
added 2025/04/30 12:0 a.m. · 4 views

XWiki Platform Security Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.8 and prior to 16.2.0, which stems from an incomplete permissions analysis that could lead to malicious script...

9 CVSS · 6.6 AI score · 0.00286 EPSS
Exploits 0 · References 3
RedhatCVE
added 2025/04/29 8:11 a.m. · 27 views

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

5.4 CVSS · 6.7 AI score · 0.00182 EPSS
Exploits 0 · References 1
CNNVD
added 2025/04/29 12:0 a.m. · 2 views

IBM Operational Decision Manager Cross-Site Scripting Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines (IBM) used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

6.1 CVSS · 6 AI score · 0.00212 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2025/04/29 12:0 a.m. · 11 views

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

6.7 CVSS · 6.6 AI score · 0.01008 EPSS
Exploits 0 · References 8
Amazon
added 2025/04/29 12:0 a.m. · 3 views

Medium: libreoffice

Issue Overview: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that support...

6.7 CVSS · 7.2 AI score · 0.01008 EPSS
Exploits 0
NVD
added 2025/04/27 8:15 a.m. · 26 views

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

5.4 CVSS · 0.00182 EPSS
Exploits 0 · References 1