6663 matches found

CNNVD
added 2025/10/27 12:0 a.m., 2 views

IBM QRadar SIEM cross-site scripting vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 6.4, AI score 5.9, EPSS 0.0002
Exploits: 0, References: 3
Positive Technologies
added 2025/10/27 12:0 a.m., 3 views

PT-2025-44056

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.3.0. Description: eLabFTW, an electronic lab notebook, allowed the serving of uploaded SVG files inline. Due to SVG’s support for active content, a malicious SVG file could be uploaded and executed when viewed, leadin...

CVSS 6.8, AI score 5.5, EPSS 0.00029
Exploits: 0, References: 5
CNNVD
added 2025/10/25 12:0 a.m., 2 views

Pleasanter cross-site scripting vulnerability

Pleasanter is a free OSS no-code/low-code development tool from Pleasanter, Inc. A cross-site scripting vulnerability exists in Pleasanter that stems from a stored cross-site scripting vulnerability in Body, Description, and Comments that could lead to an attacker executing arbitrary script in a...

CVSS 5.4, AI score 5.3, EPSS 0.00026
Exploits: 0, References: 3
EUVD
added 2025/10/24 5:17 a.m., 2 views

EUVD-2025-35798

Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVSS 5.4, AI score 5.3, EPSS 0.00026
Exploits: 0, References: 3
CVE
added 2025/10/24 5:17 a.m., 3 views

CVE-2025-61931

CVE-2025-61931 describes a stored cross-site scripting vulnerability in Pleasanter, affecting the Body, Description and Comments fields. The vulnerability allows an attacker to execute arbitrary JavaScript in a logged-in user’s browser. Multiple connected sources (including JVNDB and Red Hat/NVD ...

CVSS 5.4, AI score 6, EPSS 0.00026
Exploits: 0, References: 2
Cvelist
added 2025/10/24 5:17 a.m., 5 views

CVE-2025-58070

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVSS 6.1, EPSS 0.00026
Exploits: 0, References: 2
CVE
added 2025/10/24 5:17 a.m., 5 views

CVE-2025-58070

CVE-2025-58070 affects Pleasanter: stored XSS in Preview for Attachments. Root cause is insecure handling in the attachment preview feature, enabling arbitrary script execution in a logged‑in user’s browser. Impact is user‑level (confidentiality/integrity not clearly affected beyond script execut...

CVSS 6.1, AI score 6, EPSS 0.00026
Exploits: 0, References: 2
EUVD
added 2025/10/24 5:17 a.m., 3 views

EUVD-2025-35799

Pleasanter contains a stored cross-site scripting vulnerability in Preview for Attachments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...

CVSS 6.1, AI score 6, EPSS 0.00026
Exploits: 0, References: 3
Veracode
added 2025/10/24 5:8 a.m., 4 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input in "Rich Text" type fields within web content structures, document types, or custom assets using the Data Engine module,...

CVSS 6.1, AI score 6.7, EPSS 0.00044
Exploits: 0, References: 3, Affected Software: 1
CNVD
added 2025/10/24 12:0 a.m., 1 view

WordPress Bg Book Publisher plugin cross-site scripting vulnerability

WordPress Bg Book Publisher plugin is a book publisher plugin for WordPress that is mainly used to help users manage book content and advertisements in their websites. WordPress Bg Book Publisher plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

CVSS 6.4, AI score 6.1, EPSS 0.00032
Exploits: 0, References: 1
CNVD
added 2025/10/24 12:0 a.m., 2 views

WordPress CF7 Auto Responder Addon plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress CF7 Auto Responder Addon plugin, which stems from the application's lack of effective filtering and escaping of...

CVSS 7.1, AI score 6, EPSS 0.0003
Exploits: 0, References: 1
Snyk
added 2025/10/23 6:31 p.m., 4 views

Cross-site Scripting (XSS)

Overview: Piranha.Manager is a manager panel for Piranha CMS for AspNetCore. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the /manager/pages component when user-supplied input is injected into Markdown blocks. An attacker can execute arbitrary web scripts or HTML...

CVSS 6.1, AI score 5.3, EPSS 0.00045
Exploits: 1, References: 2
OSV
added 2025/10/23 5:15 a.m., 1 view

CVE-2025-54806

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

CVSS 6.1, AI score 6.1
Exploits: 0, References: 2
EUVD
added 2025/10/23 4:10 a.m., 1 view

EUVD-2025-35654

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

CVSS 6.1, AI score 5.7, EPSS 0.00023
Exploits: 0, References: 3
Vulnrichment
added 2025/10/23 4:10 a.m., 2 views

CVE-2025-54856

Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit ContentData page...

CVSS 4.8, AI score 5.7, EPSS 0.00024
Exploits: 0, References: 3
CVE
added 2025/10/23 4:10 a.m., 6 views

CVE-2025-54856

Movable Type is affected by a stored XSS in Edit ContentData (CVE-2025-54856). Exploitation requires input stored by a user with ContentType Management privileges, leading to script execution in the browser of users who access the Edit ContentData page. The issue is confirmed in multiple advisori...

CVSS 4.8, AI score 5.7, EPSS 0.00024
Exploits: 0, References: 3
CNVD
added 2025/10/23 12:0 a.m., 1 view

Mediawiki - ExternalGuidance Cross-Site Scripting Vulnerability

Mediawiki - ExternalGuidance is an extension for providing links or resources for external guidance. Mediawiki - ExternalGuidance suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

CVSS 6.9, AI score 6.1, EPSS 0.00056
Exploits: 0, References: 1
CNNVD
added 2025/10/23 12:0 a.m., 1 view

Weseek Growi cross-site scripting vulnerability

Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A cross-site scripting vulnerability exists in Weseek Growi v4.2.7 and earlier versions, which stems from a cross-site scripting vulnerability in the Page Alerts feature that could lead to the execution of...

CVSS 6.1, AI score 5.9, EPSS 0.00023
Exploits: 0, References: 2
CNVD
added 2025/10/23 12:0 a.m., 2 views

Mediawiki - FlexDiagrams Extension Cross-Site Scripting Vulnerability

Mediawiki - FlexDiagrams Extension is an extension to MediaWiki for embedding and displaying diagrams or flowcharts in wiki pages. Mediawiki - FlexDiagrams Extension suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVSS 6.9, AI score 6.1, EPSS 0.00056
Exploits: 0, References: 1
CNNVD
added 2025/10/23 12:0 a.m., 3 views

Six Apart Movable Type cross-site scripting vulnerability

Six Apart Movable Type is an application from Six Apart USA. Six Apart Movable Type is an application from Six Apart, Inc. that provides features such as multiple users, comments, references TrackBack, topics, and more. A cross-site scripting vulnerability exists in Six Apart Movable Type, which...

CVSS 4.8, AI score 4.9, EPSS 0.00024
Exploits: 0, References: 3