Alfasado PowerCMS 跨站脚本漏洞

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A cross-site scripting vulnerability exists in Alfasado PowerCMS that originates from stored cross-site scripting and could lead to the execution of arbitrary script...

Alfasado PowerCMS 跨站脚本漏洞

Alfasado PowerCMS is a content management system CMS from Alfasado Japan. A cross-site scripting vulnerability exists in PowerCMS that stems from reflective cross-site scripting and could lead to the execution of arbitrary script...

PT-2025-31483 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: A reflected cross-site scripting issue exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed in the browser...

CVE-2025-26064

A cross-site scripting XSS vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device...

Totolink

It is an offensive tool for routers. Exploit module/toolkit targ...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Important: git

Issue Overview: When a user clones an untrusted repository and runs Gitk without additional command arguments, any writable file can be created and truncated. The option "Support per-file encoding" must have been enabled. The operation "Show origin of this line" is affected as well, regardless of...

RockyLinux 9 : libreoffice (RLSA-2025:3408)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:3408 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the RockyLinux security...

RLSA-2025:3408 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

git security update

An update is available for git. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git is a distributed revision control system with a decentralized architecture. A...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-17110)

Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. Adobe Experience Manager suffers from a cross-site scripting vulnerability that stems...

Simopro Technology WinMatrix3 Cross-Site Scripting Vulnerability

Simopro Technology WinMatrix3 is an IT resource management system for enterprise-class computer asset management, endpoint security control and IT operations management. Simopro Technology WinMatrix3 suffers from a cross-site scripting vulnerability that stems from the application's lack of...

WordPress User Registration Plugin Cross-Site Scripting Vulnerability

WordPress User Registration Plugin is a plugin for extending the functionality of WordPress, mainly used to create custom user registration forms, manage user accounts and implement membership features. WordPress User Registration Plugin suffers from a cross-site scripting vulnerability that stem...

WordPress Qwizcards plugin cross-site scripting vulnerability

WordPress Qwizcards plugin is a plugin for the WordPress platform that is mainly used to create online quiz question and answer test and flashcard flashcard content. WordPress Qwizcards plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

CVE-2025-45406

A stored cross-site scripting XSS vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbartime parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbartime, and...

NewStart CGSL MAIN 7.02 : httpd Multiple Vulnerabilities (NS-SA-2025-0132)

The remote NewStart CGSL host, running version MAIN 7.02, has httpd packages installed that are affected by multiple vulnerabilities: - Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications...

GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting

A cross-site scripting XSS vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...