CVE-2025-55620

A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the user creation process via the /admin/settings/users/create endpoint, where file uploads are insufficiently sanitized due to improper MIME type validation. An attacker can execute arbitrary JavaScript in t...

CVE-2025-55522

Akaunting 3.1.18 contains a Cross-site Scripting (XSS) vulnerability in the /common/reports component. The flaw allows an attacker to inject arbitrary web scripts or HTML via the name parameter, leading to potential user–level impact consistent with XSS. Root cause is improper handling/encoding o...

Group Office 跨站脚本漏洞

Group Office is a modular office suite from the Dutch company Group Office. A cross-site scripting vulnerability exists in Group Office versions prior to 6.8.119 and prior to 25.0.20, which stems from a cross-site scripting attack that could lead to the execution of arbitrary script...

JVN#72111431: Multiple vulnerabilities in Group-Office

Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-53504 Path traversal CWE-22...

Linux Distros Unpatched Vulnerability : CVE-2018-6110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML...

WordPress BaiduXZH Submit plugin cross-site scripting vulnerability

WordPress BaiduXZH Submit plugin is a third-party WordPress plugin, mainly used for automatic submission of website content to Baidu Bear Paw, to achieve rapid inclusion within 24 hours, and support for original protection features. WordPress BaiduXZH Submit plugin has a cross-site scripting...

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the id parameter in the liveedit.modulesettings API endpoint allowing arbitrary JavaScript execution...

CVE-2025-51488

MoonShine, a Laravel-based admin panel, is affected by CVE-2025-51488 due to a Stored XSS in the Create Admin flow. The vulnerability arises from improper sanitization of the Name parameter when creating a new Admin, allowing an attacker to store and execute arbitrary JavaScript in victims’ brows...

Linux Distros Unpatched Vulnerability : CVE-2024-52336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...

Linux Distros Unpatched Vulnerability : CVE-2025-3155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to...

CVE-2025-8143 Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h'

The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsmlsmartlistsh’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

PT-2025-33538 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.7 Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the additional parameter due to insufficient input sanitization and output...

WordPress Mosaic Generator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Mosaic Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

CVE-2025-40769

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...

CVE-2025-42975

SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...

WordPress plugin 12 Step Meeting List 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress 12 Step Meeting List plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVE-2025-55157

A use-after-free vulnerability was found in Vim. This flaw allows an attacker who can trick a user into processing a specially crafted file to trigger the use-after-free, causing the application to crash. Mitigation Do not run untrusted Vim scripts as it's not recommended...

USN-6885-6 apache2 regression

USN-6885-1 fixed vulnerabilities in Apache. The patch for CVE-2024-38474 was incomplete and caused a regression. This update provides the fix for this issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server modrewrite module incorrectly handled certain substitutions. ...

Cross-site Scripting (XSS)

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via form fields. An attacker can execute arbitrary scripts in the context of other users by injecting malicious code, potentially escalating...