CVE-2025-59026

CVE-2025-59026 affects Open-Xchange OX App Suite (and related advisories) where uploading a malicious file enables execution of script code when a user clicks attacker-controlled links. Actions may run in the user’s context and can include exfiltration of sensitive information. Public exploit det...

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVE-2025-59026

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVE-2025-30186

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

CVE-2025-30186

CVE-2025-30186 affects Open-Xchange OX App Suite. Malicious content uploaded as a file can execute script code when users follow attacker-controlled links, enabling unintended actions within the user’s account and potential exfiltration of sensitive data. The impact is described as limited to the...

CVE-2025-30186

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

Open-Xchange OX App Suite 安全漏洞

Open-Xchange OX App Suite is a productivity application suite from Open-Xchange, a German company. A security vulnerability exists in Open-Xchange OX App Suite that originates from uploading a malicious file that can execute script code via an attacker-controlled link, potentially leading to the...

Open-Xchange OX App Suite 安全漏洞

Open-Xchange OX App Suite is a productivity application suite from Open-Xchange, a German company. A security vulnerability exists in Open-Xchange OX App Suite that originates from uploading a malicious file that can execute script code via an attacker-controlled link, potentially leading to the...

PT-2025-48257

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVE-2025-12848 XSS vulnerability when rendering filename in Webform Multiform

Webform Multiple File Upload module for Drupal 7.x contains a cross-site scripting XSS vulnerability in the file name renderer. An unauthenticated attacker can exploit this vulnerability by uploading a file with a malicious filename containing JavaScript code e.g., "" to a Webform node with a...

Drupal 安全漏洞

Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from a cross-site scripting vulnerability in the filename renderer that could lead to the execution of arbitrary script...

CVE-2025-10554

A stored Cross-site Scripting XSS vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10555

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-64730

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product...

CVE-2025-64730

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product...

CVE-2025-64730

CVE-2025-64730 affects Sony SNC-CX600W (all versions). A cross-site scripting vulnerability could allow arbitrary script execution in a user’s browser when visiting the product. There are no exploitation details in the provided documents. Mitigations/Remediation: apply the documented workaround, ...

CVE-2025-64730

Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product...

Sony SNC-CX600W 跨站脚本漏洞

The Sony SNC-CX600W is a wireless network HD camcorder from Sony Japan. A cross-site scripting vulnerability exists in all versions of the Sony SNC-CX600W, which stems from susceptibility to cross-site scripting attacks that could lead to the execution of arbitrary scripts...

WordPress HT Mega plugin cross-site scripting vulnerability

WordPress HT Mega plugin is an Elementor page builder plugin designed for WordPress websites. The WordPress HT Mega plugin suffers from a cross-site scripting vulnerability that stems from insufficient validation of user-supplied HTML tag name input, which can be exploited by an attacker to execu...

WordPress EchBay Admin Security plugin cross-site scripting vulnerability

WordPress EchBay Admin Security plugin is a once widely used security tool designed to provide an extra layer of protection for the WordPress admin backend. The WordPress EchBay Admin Security plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...