6663 matches found
WordPress Auto Bulb Finder plugin cross-site scripting vulnerability
WordPress Auto Bulb Finder plugin is a plugin for quickly checking vehicle bulb models in a WordPress website, supporting the retrieval of appropriate auto bulb specifications by year, make, model and other information. The WordPress Auto Bulb Finder plugin suffers from a cross-site scripting...
WordPress dbview plugin cross-site scripting vulnerability
WordPress dbview plugin is a plugin for database query and display , developed by John Akers. The plugin through AJAX technology to achieve real-time query and dynamic display of database data , support for the direct execution of SQL statements and visual presentation of the results . WordPress...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23567)
AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...
CVE-2025-52650
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
WordPress plugin Colibri Page Builder 跨站脚本漏洞
WordPress Colibri Page Builder plugin is a plugin for ColibriWP theme to add drag-and-drop page building functionality , through visual operations to achieve modular page design . The WordPress Colibri Page Builder plugin suffers from a cross-site scripting vulnerability that stems from a lack of...
CVE-2025-59994
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59982
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-52650
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
CVE-2025-52650 HCL AION is susceptible to Inline script execution allowed in CSP vulnerability
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
EUVD-2025-33691
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
CVE-2025-52650
CVE-2025-52650 – HCL AION v2.0 : A CSP-related issue allows inline script execution due to improper CSP enforcement in HCL AION version 2.0. The root cause is CSP misconfiguration that fails to block inline scripts, enabling potential script injection within the application. Documented sources (P...
PT-2025-41540
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description An issue exists in HCL AION version 2.0 related to Content Security Policy CSP enforcement. Improper CSP configuration allows for the execution of inline scripts, which should be blocked. This enables an attack...
CVE-2025-59995
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59994
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-60002 Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-60001 Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59999 Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...
CVE-2025-59996
The CVE-2025-59996 issue affects Juniper Networks Junos Space versions prior to 24.1R4, where an Improper Neutralization of Input During Web Page Generation enables cross-site scripting in the Configuration View page. Exploitation would allow an attacker to inject script tags that, when a second ...
CVE-2025-59996 Junos Space: Configuration View page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...
CVE-2025-59993
CVE-2025-59993 affects Juniper Networks Junos Space before version 24.1R4. The issue is an XSS vulnerability in the Space Node Setting fields (and related pages) where improper input neutralization allows injection of script tags, enabling an attacker to run commands with the target user’s privil...