6714 matches found
CVE-2024-52887
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list...
CVE-2024-52887
CVE-2024-52887 affects Check Point Mobile Access (R82 and prior). An authenticated end-user can set a specially crafted SNX bookmark that causes their browser to execute a script when accessing the bookmark list (stored/self-XSS in the ‘favorites’ dialog). Exact impact details are not quantified ...
Check Point Mobile Access Security Vulnerability
Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which stems from the...
PT-2025-17988 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue allows an authenticated end-user to potentially run a script while the portal attempts to display a directory or some file's properties. Recommendations: At the moment, ther...
Check Point Mobile Access Security Vulnerability
Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which originates from a...
PT-2025-17987 · Check Point · Check Point Mobile Access
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated end-user can set a specially crafted SNX bookmark, which can cause their browser to run a script when accessing their own bookmark list. Recommendations: At the moment, ther...
CVE-2024-41446
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines (IBM). The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...
CVE-2024-53568
A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...
CVE-2023-44753
A stored cross-site scripting (XSS) vulnerability in Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page...
CVE-2023-43378
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2024-53568
A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...
CVE-2023-43378
A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...
CVE-2023-44753
A stored cross-site scripting (XSS) vulnerability in Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page...
PT-2025-17585 · Unknown · Volmarg Personal Management System
Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.65 Description: A stored cross-site scripting (XSS) issue exists in the New Goal Creation section, allowing authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2024-41446
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...
Cross-Site Scripting
yiisoft/yii is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability arises in specific scenarios where the fallback error renderer is used, allowing an attacker to execute arbitrary scripts in the context of the user’s browser...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...