EUVD-2024-28046
HCL DRYiCE AEX product is impacted by lack of input validation vulnerability in a particular web application. A malicious script can be injected into a system which can cause the system to behave in unexpected ways...
CVE-2016-15049 Nagios Log Server < 1.4.2 Dashboards Logs Table XSS
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in...
CVE-2025-52179
Cross-site scripting (XSS) vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...
EUVD-2025-37011
Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
EUVD-2025-37020
Dell Secure Connect Gateway (SCG) Policy Manager, versions 5.20, 5.22, 5.24, 5.26, 5.28, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading...
CVE-2025-36592
Dell Secure Connect Gateway (SCG) Policy Manager, versions 5.20, 5.22, 5.24, 5.26, 5.28, contains an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading...
CVE-2025-50574
Cross-site scripting (XSS) vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...
CVE-2025-53883 spacewalk-java has various XSS issues on search page
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary JavaScript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...
PT-2025-44564
Name of the Vulnerable Software and Affected Versions: Heimdall Data Database Proxy (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of Heimdall Data Database Proxy with minimal user interaction. The flaw resides in...
WordPress plugin NS Maintenance Mode for WP security vulnerability
WordPress NS Maintenance Mode for WP plugin is a WordPress plugin for setting a website into maintenance mode, displaying temporary pages to visitors during updates or maintenance while allowing administrators or designated users to access the backend. The WordPress NS Maintenance Mode for WP...
PT-2025-44541
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
Dell Secure Connect Gateway Policy Manager cross-site scripting vulnerability
DELL Secure Connect Gateway Policy Manager is a Secure Connect Gateway management tool from Dell that is used to configure and manage security policies for SecureConnectGateway SCG devices. A cross-site scripting vulnerability exists in DELL Secure Connect Gateway Policy Manager that originates...
CVE-2025-34306
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the pienumber parameter when updating the default firewall IP search values. When a user updates these defaults,...
PT-2025-44359
Name of the Vulnerable Software and Affected Versions: Drupal Umami Analytics versions prior to 1.0.1. Description: A flaw exists in Drupal Umami Analytics that allows for Cross-Site Scripting (XSS). This issue arises from improper neutralization of input during web page generation. The vulnerability...
EUVD-2025-36517
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code into the COUNTRYCODE parameter when creating a location group. When a user adds a new location group, the application...
CVE-2025-34310
IPFire (before 2.29 Core Update 198) is affected by a stored XSS in QoS settings. The vulnerability arises when updating QoS via /cgi-bin/qos.cgi, where INC_SPD, OUT_SPD, DEFCLASS_INC, and DEFCLASS_OUT values are stored and later rendered without proper sanitization, allowing an authenticated use...
CVE-2025-34314 IPFire < v2.29 Stored XSS via Time Constraint Rule URL Filter
IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the SRC, DST, and COMMENT parameters when creating a time constraint rule. When a user adds a time constraint rul...
CVE-2025-50055
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...
CVE-2025-11682
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker can...
PT-2025-44161
Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code through the PROT...