6661 matches found
CVE-2025-70297
A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...
XSS Vulnerability in IBM Cloud Pak for Business Automation
IBM Cloud Pak for Business AutomationAn integrated software component that delivers design, build, run, and automation services to quickly scale your programs and fully execute and implement automation strategies. An XSS vulnerability exists in IBM Cloud Pak for Business Automation, which can be...
CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
CVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...
CVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with...
CVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with...
CVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with...
CVE-2025-13064
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with...
CVE-2025-13064
Technical details about CVE-2025-13064 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
AXIS Camera Station Pro 安全漏洞
AXIS Camera Station Pro is a video management software developed by the Swedish company Axis. There is a security vulnerability in AXIS Camera Station Pro, which allows malicious administrators to perform server-side injections, potentially leading to the execution of malicious scripts...
PT-2026-7231
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with...
Cross-site Scripting (XSS)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of the prefix and suffix fields in the Number field type settings without proper escaping. An attacker can execute arbitrary scripts in the context ...
CVE-2025-63354
Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript...
CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
CVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...
CVE-2025-66601
CVE-2025-66601 affects Yokogawa FAST/TOOLS, specifically packages RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB, versions R9.01–R10.04. The vulnerability is a MIME-type handling/content-sniffing issue that could allow execution of malicious scripts when processing content delivered over the network. The ...
CVE-2025-66601
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...
CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
CVE-2025-66606
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...
CVE-2025-66606
CVE-2025-66606 affects Yokogawa FAST/TOOLS. Root cause: improper URL encoding in FAST/TOOLS web components, allowing a network-accessible attacker to tamper with web pages or execute malicious scripts. Affected packages/versions: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R...