CVE-2025-58115

ChatLuck (Guest User Sign-up) is affected by a cross-site scripting vulnerability (CVE-2025-58115). The issue allows arbitrary script execution in a user’s browser when signing up as a guest, per Red Hat, NVD, CVE listings and JVN. The vulnerability affects ChatLuck’s guest signup flow; root caus...

CVE-2025-53858

CVE-2025-53858 affects ChatLuck, a ChatLuck product, with a cross-site scripting vulnerability in Chat Rooms that could allow arbitrary script execution in the web browser of a user accessing the product. The connected Red Hat, NVD, JVN, and CVE records corroborate the issue as a browser-executab...

CVE-2025-53858

ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...

D-Link Nuclias Connect 安全漏洞

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

WordPress plugin WP BookWidgets 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP BookWidgets cross-site scripting vulnerability , the vulnerability stems fr...

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of the name field in entities. An attacker can execute arbitrary JavaScript in the context of other users' sessions by injecting malicious code into the name field, which is then render...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

PT-2025-41969

Name of the Vulnerable Software and Affected Versions mailgen versions through 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. Versions through 2.0.30 have an issue where the generatePlaintext function does not properly remove encoded HTML entities from...

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon cross-site scripting vulnerability , the vulnerability stems from the lack of effective...

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

EUVD-2025-34047

A stored Cross-site Scripting XSS vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

EUVD-2025-34046

A stored Cross-site Scripting XSS vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10558 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10556

ENOVIA Specification Manager (3DEXPERIENCE) is affected by a stored XSS in the Specification Management module, impacting releases from R2023x through R2025x. The root cause is improper handling of user-supplied data in the web UI, enabling an attacker to execute arbitrary script code in a victim...

PT-2025-41768

Name of the Vulnerable Software and Affected Versions 3DSearch on 3DSwymer versions prior to 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in 3DSearch within 3DSwymer. This allows an attacker to execute arbitrary script code within a user’s browser session...

WordPress All Social Share Options plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...

WordPress Eulerpool Research Systems plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...

WordPress Easy Elementor Addons plugin cross-site scripting vulnerability

The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...

PT-2025-41766

Name of the Vulnerable Software and Affected Versions ENOVIA Specification Manager versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in Specification Management within ENOVIA Specification Manager. This allows an attacker to execut...