
6714 matches found

Vulnrichment
added 2025/01/09 12:0 a.m., 9 views

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the opfunc parameter at /occontrolpanel/index.php...

6.6 AI score, 0.00444 EPSS
Exploits 0, References 1

Cvelist
added 2025/01/08 4:19 p.m., 15 views

CVE-2025-20166 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

5.4 CVSS, 0.00357 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/01/08 3:30 a.m., 3 views

CVE-2025-21603

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...

4.8 CVSS, 6.6 AI score, 0.00284 EPSS
Exploits 0, References 2

Cvelist
added 2025/01/08 3:30 a.m., 19 views

CVE-2025-21603

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...

4.8 CVSS, 0.00284 EPSS
Exploits 0, References 2

CVE
added 2025/01/08 3:30 a.m., 50 views

CVE-2025-21603

CVE-2025-21603 affects PLANEX MZK-DP300N routers (firmware v1.05 and earlier). The issue is a cross-site scripting flaw (CWE-79) in the web interface, allowing an attacker who has logged in to manipulate device settings to trigger arbitrary script execution in the logged-in user’s browser via a c...

4.8 CVSS, 5 AI score, 0.00284 EPSS
Exploits 0, References 2

OSV
added 2025/01/07 3:15 a.m., 1 views

CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contains a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of...

7.8 CVSS, 6 AI score, 0.00194 EPSS
Exploits 0, References 1

CNNVD
added 2025/01/07 12:0 a.m., 3 views

WordPress plugin formafzar Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin formafzar...

6.5 CVSS, 6.8 AI score, 0.00324 EPSS
Exploits 0, References 2

CNNVD
added 2025/01/07 12:0 a.m., 2 views

WordPress plugin EO4WP Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin EO4WP version 1.0.7 and earlier have a cross-site scripting vulnerability, the...

6.5 CVSS, 6.3 AI score, 0.00206 EPSS
Exploits 0, References 2

NVD
added 2025/01/06 7:15 p.m., 12 views

CVE-2024-46209

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...

5.4 CVSS, 0.00396 EPSS
Exploits 1, References 2

Vulnrichment
added 2025/01/06 12:0 a.m., 6 views

CVE-2024-46209

A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter...

5.8 AI score, 0.00396 EPSS
Exploits 1, References 2

CNNVD
added 2025/01/06 12:0 a.m., 3 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

5.5 CVSS, 6.1 AI score, 0.00213 EPSS
Exploits 0, References 1

OSV
added 2025/01/05 5:20 a.m., 3 views

MAL-2025-61 Malicious code in express-v4 (npm)

This package runs commands in a pre-install script that exfils sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 67ebd6ae141b2ad735a5d06a361820acbdba7b725729e8fa795cf1be86282e30 Any computer that has this package install...

7 AI score
Exploits 0, References 3

CNNVD
added 2025/01/05 12:0 a.m., 5 views

LightPicture Code Injection Vulnerability

LightPicture is an enterprise/team/personal image resource management system, picture bed system. LightPicture has a cross-site scripting vulnerability; the vulnerability stems from a lack of effective filtering and escaping of user-supplied data in the file parameter of /api/upload, an attacker can...

5.4 CVSS, 6.5 AI score, 0.00379 EPSS
Exploits 1, References 4

NVD
added 2025/01/03 4:15 p.m., 20 views

CVE-2024-56321

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

3.8 CVSS, 0.00537 EPSS
Exploits 0, References 4

CVE
added 2025/01/03 3:41 p.m., 44 views

CVE-2024-56321

CVE-2024-56321 (GoCD) affects GoCD 18.9.0–24.4.0. The issue allows admins to abuse the backup configuration “post-backup script” to run arbitrary scripts on the hosting server/container as the GoCD user. In practice, impact is limited since an admin typically has host permissions, but in restrict...

3.8 CVSS, 4.6 AI score, 0.00537 EPSS
Exploits 0, References 4, Affected Software 1

Cvelist
added 2025/01/03 3:41 p.m., 19 views

CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

3.8 CVSS, 0.00537 EPSS
Exploits 0, References 4

OSV
added 2025/01/03 3:41 p.m., 9 views

CVE-2024-56321 GoCD can allow malicious GoCD admins to abuse backup configuration to gain additional host access

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

3.8 CVSS, 7.2 AI score, 0.00537 EPSS
Exploits 0, References 6

CNNVD
added 2025/01/03 12:0 a.m., 3 views

GoCD Security Vulnerability

GoCD is a continuous delivery server from GoCD Open Source. A security vulnerability exists in GoCD versions 18.9.0 through 24.4.0, which stems from a vulnerability that allows misuse of the backup configuration feature, which could potentially allow execution of arbitrary scripts on managed...

3.8 CVSS, 6.8 AI score, 0.00537 EPSS
Exploits 0, References 4

Snyk
added 2024/12/26 8:20 p.m., 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) by sending a crafted payload to the /info endpoint via the lgslquery40 function. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into an...

6.1 CVSS, 5.2 AI score, 0.00428 EPSS
Exploits 0, References 2

CNVD
added 2024/12/25 12:0 a.m., 4 views

JetBrains TeamCity Image Name Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

5.4 CVSS, 5.8 AI score, 0.00752 EPSS
Exploits 0, References 1