phpIPAM cross-site scripting vulnerability (CNVD-2025-06929)

phpIPAM is phpIPAM open source set of open source PHP and MySQL based IP address management application IPAM. phpIPAM suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/archive/refs/tags/0.12.7.zip Version: latest Tested on: MacOS Log in to Anchor CMS...

CVE-2025-30292

CVE-2025-30292 affects Adobe ColdFusion: versions 2023.12, 2021.18, 2025.0 and earlier are vulnerable to a reflected Cross-Site Scripting (XSS) issue. If a victim is convinced to visit a URL referencing a vulnerable page, malicious JavaScript can execute in the user’s browser context, potentially...

Hewlett Packard Enterprise AOS（HPE AOS） 安全漏洞

Hewlett Packard Enterprise AOS HPE AOS is a network operating system for data centers, campuses, and edges from Hewlett Packard Enterprise USA. A security vulnerability exists in Hewlett Packard Enterprise AOS HPE AOS that stems from a reflective cross-site scripting vulnerability that allows an...

CVE-2024-46494

A cross-site scripting XSS vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article...

CVE-2024-46494

A cross-site scripting XSS vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article...

CVE-2025-3087

Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts...

CVE-2025-2159

Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...

RHEL 9 : libreoffice (RHSA-2025:3550)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3550 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

RHEL 9 : libreoffice (RHSA-2025:3548)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3548 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

RHEL 7 : libreoffice (RHSA-2025:3390)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3390 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

RHEL 9 : libreoffice (RHSA-2025:3408)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3408 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

CVE-2025-3087 Stored XSS Vulnerability in M-Files Web

Stored XSS in M-Files Web versions from 25.1.14445.5 to 25.2.14524.4 allows an authenticated user to run scripts...

CVE-2025-3087

CVE-2025-3087 concerns a stored XSS in M-Files Web. Affected are M-Files Web versions 25.1.14445.5 through 25.2.14524.4. The issue arises from stored cross-site scripting that can be triggered by an authenticated user who can run scripts. Documented impact is that scripts may be executed in the u...

CVE-2025-2159 Stored XSS in M-Files Admin user interface

Stored XSS in Desktop UI in M-Files Server Admin tool before version 25.3.14681.7 on Windows allows authenticated local user to run scripts via UI...

CVE-2025-2159

CVE-2025-2159 affects M-Files Server Admin Tool Desktop UI prior to version 25.3.14681.7 on Windows. The issue is a stored XSS in the Desktop UI that allows an authenticated local user to execute scripts via the UI. Impact is limited to the Desktop UI component; exploitation requires local authen...

SUSE CVE-2025-2946

pgAdmin = 9.1 is affected by a security vulnerability with Cross-Site ScriptingXSS. If attackers execute any arbitrary HTML/JavaScript in a user's browser through query result rendering, then HTML/JavaScript runs on the browser...

M-Files Server 安全漏洞

M-Files Server is a server for the M-Files system from M-Files, Inc. A security vulnerability exists in M-Files Server versions prior to 25.3.14681.7, which stems from stored cross-site scripting and could lead to script execution by a local user...

PT-2025-14857 · M Files · M-Files Web

Name of the Vulnerable Software and Affected Versions: M-Files Web versions 25.1.14445.5 through 25.2.14524.4 Description: The issue allows an authenticated user to run scripts, which is a result of a stored XSS. This enables the execution of malicious scripts by authenticated users...

CVE-2025-3155

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...