6724 matches found

Vulnrichment
added 2025/07/04 7:20 a.m. · 2 views

CVE-2025-53599

Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browser via a crafted javascript scheme...

AI score: 7 · EPSS: 0.00376
Exploits: 0 · References: 1
RedhatCVE
added 2025/07/04 5:13 a.m. · 11 views

CVE-2025-52462

Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00193
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/04 12:0 a.m. · 4 views

PT-2025-27875 · Unknown · Mndpsingh287 Frontend File Manager

Name of the Vulnerable Software and Affected Versions: mndpsingh287 Frontend File Manager versions n/d through 23.2. Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows code injection. This is a basic XSS vulnerability...

CVSS: 4.6 · AI score: 6 · EPSS: 0.00177
Exploits: 0 · References: 5
Positive Technologies
added 2025/07/04 12:0 a.m. · 2 views

PT-2025-27863 · Unknown · Whale Browser

Name of the Vulnerable Software and Affected Versions: Whale browser for iOS versions prior to 3.9.1.4206. Description: The issue allows an attacker to execute malicious scripts in the browser via a crafted JavaScript scheme. This can be achieved by manipulating a specific JavaScript scheme...

CVSS: 9.8 · AI score: 6.3 · EPSS: 0.00376
Exploits: 0 · References: 4
SUSE CVE
added 2025/07/03 12:36 a.m. · 2 views

SUSE CVE-2005-1531

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a...

CVSS: 7.5 · AI score: 7.1 · EPSS: 0.0329
Exploits: 0 · References: 3
CNNVD
added 2025/07/03 12:0 a.m. · 2 views

Endress+Hauser MEAC300-FNADE4 security vulnerability

The Endress+Hauser MEAC300-FNADE4 is a cost-effective emissions data management computer from Endress+Hauser Vietnam. The Endress+Hauser MEAC300-FNADE4 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...

CVSS: 7.4 · AI score: 6 · EPSS: 0.00284
Exploits: 0 · References: 6
Tenable Nessus
added 2025/07/03 12:0 a.m. · 23 views

Streamline NX Client (XSS) (2025-000008)

The version of Streamline NX Client installed on the remote host is between 3.5.0 and 3.7.2. It is, therefore, affected by a reflected cross-site scripting vulnerability via a specific parameter in the SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an...

CVSS: 6.1 · AI score: 6.4 · EPSS: 0.0019
Exploits: 0 · References: 2
RedhatCVE
added 2025/07/02 9:20 a.m. · 8 views

CVE-2025-41439

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.0019
Exploits: 0 · References: 1
Japan Vulnerability Notes
added 2025/07/02 5:13 a.m. · 5 views

Multiple vulnerabilities in Active! mail

Overview: Active! mail provided by QUALITIA CO., LTD. contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2025-52462; Cross-site request forgery (CSRF) (CWE-352) - CVE-2025-52463. Rintaro Fujita and Shoji Baba of GAKUSHUIN UNIVERSITY reported these vulnerabilities to IPA...

CVSS: 6.1 · AI score: 6.8 · EPSS: 0.00193
Exploits: 0 · References: 6
Vulnrichment
added 2025/07/02 5:2 a.m. · 3 views

CVE-2025-52462

Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...

CVSS: 6.1 · AI score: 6.7 · EPSS: 0.00193
Exploits: 0 · References: 2
CVE
added 2025/07/02 5:2 a.m. · 18 views

CVE-2025-52462

CVE-2025-52462 is a Cross-site scripting vulnerability affecting Active! mail versions 6.30.01004145 through 6.60.06008562. The issue can allow arbitrary script execution in the logged-in user’s browser when visiting a specially crafted URL. Affected product: Active! mail. Remediation per multipl...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.00193
Exploits: 0 · References: 2
Vulnrichment
added 2025/07/01 5:51 p.m. · 3 views

CVE-2025-34080 CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting

The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on interaction. This issue affects CONPROSYS HMI System (CHS): before 3.7.7...

CVSS: 5.1 · AI score: 6.2 · EPSS: 0.01083
Exploits: 0 · References: 2
NCSC
added 2025/06/30 12:59 p.m. · 4 views

Vulnerabilities fixed in Adobe Commerce

Adobe has fixed vulnerabilities in Adobe Commerce Versions 2.4.8 and earlier. The vulnerabilities are in Adobe Commerce's security mechanisms, allowing both high- and low-privileged attackers to bypass security measures. This can lead to unauthorized access to sensitive information and execution ...

CVSS: 8.4 · AI score: 6.9 · EPSS: 0.007
Exploits: 0 · References: 1
Vulnrichment
added 2025/06/30 9:16 a.m. · 2 views

CVE-2025-41439

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.0019
Exploits: 0 · References: 2
CVE
added 2025/06/27 2:57 p.m. · 27 views

CVE-2025-6705

The CVE-2025-6705 vulnerability affects the Eclipse Open VSX Registry, specifically its automated publishing system. The issue stems from build scripts executing without proper isolation, potentially exposing a privileged token that could be used to publish new extension versions under any namesp...

CVSS: 7.6 · AI score: 6.5 · EPSS: 0.00224
Exploits: 0 · References: 2 · Affected Software: 1
CNVD
added 2025/06/27 12:0 a.m. · 2 views

COVID19 Testing Management System /search-report-result.php File Code Injection Vulnerability

The COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a code injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in file...

CVSS: 6.1 · AI score: 5.5 · EPSS: 0.00307
Exploits: 0 · References: 1
CNVD
added 2025/06/27 12:0 a.m. · 1 view

Notice Board System manage-notices.php file cross-site scripting vulnerability

Notice Board System is a bulletin board system. Notice Board System has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters Title/Description in the file /admin/manage-notices.php, which can be...

CVSS: 5.4 · AI score: 4.4 · EPSS: 0.00222
Exploits: 0 · References: 1
CNVD
added 2025/06/27 12:0 a.m. · 2 views

WordPress Elessi plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Elessi plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...

CVSS: 7.1 · AI score: 5.8 · EPSS: 0.00222
Exploits: 0 · References: 1
CNVD
added 2025/06/27 12:0 a.m. · 3 views

WordPress Buying Buddy IDX CRM plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Buying Buddy IDX CRM plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.00192
Exploits: 0 · References: 1
CNVD
added 2025/06/27 12:0 a.m. · 2 views

WordPress Automatically Hierarchic Categories in Menu plugin Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Automatically Hierarchic Categories in Menu plugin, which stems from the application's lack of effective filtering a...

CVSS: 6.5 · AI score: 5.7 · EPSS: 0.00192
Exploits: 0 · References: 1