6724 matches found

CNVD
added 2025/06/20 12:0 a.m. | 1 views

Rail Pass Management System /contact.php file cross-site scripting vulnerability

Rail Pass Management System is a rail pass management system. A cross-site scripting vulnerability exists in Rail Pass Management System due to improper handling of the parameter Name in the /contact.php file. The vulnerability can be exploited by an attacker to execute malicious scripts on an...

5.4 CVSS | 6.2 AI score | 0.00298 EPSS
Exploits 1 | References 1

CNVD
added 2025/06/20 12:0 a.m. | 1 views

Rail Pass Management System /admin/aboutus.php file cross-site scripting vulnerability

Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a cross-site scripting vulnerability that occurs due to unfiltered pagedes parameters of an unknown function in the /admin/aboutus.php file. The vulnerability can be exploited by an attacker...

5.4 CVSS | 6.3 AI score | 0.00237 EPSS
Exploits 1 | References 1

Github Security Blog
added 2025/06/18 2:41 p.m. | 7 views

OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer

XSS via .py file containing script tag interpreted as HTML. Summary: A vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in tags may be interpreted and executed as HTML in certain modes. This leads to ...

6.5 CVSS | 5.7 AI score | 0.00277 EPSS
Exploits 0 | References 4 | Affected Software 1

NVD
added 2025/06/18 2:15 p.m. | 3 views

CVE-2025-45661

A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the id parameter at /members/edit.php...

5.9 CVSS | 0.00314 EPSS
Exploits 0 | References 3

RedHat Linux
added 2025/06/17 7:14 a.m. | 5 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

CNVD
added 2025/06/17 12:0 a.m. | 14 views

WordPress Backup and Staging by WP Time Capsule plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Backup and Staging by WP Time Capsule plugin that stems from improper input neutralization and can be exploited by a...

7.1 CVSS | 6.6 AI score | 0.00235 EPSS
Exploits 0 | References 1

AstraLinux
added 2025/06/16 11:28 a.m. | 1 views

Astra Linux – Vulnerability in Git

Gitk is a Tcl/Tk-based Git history browser. Starting with version 2.41.0, a Git repository can be manipulated in such a way that, through some social engineering, a user who has cloned the repository can be tricked into running any script (e.g., Bourne shell, Perl, Python, ...) provided by the...

8.6 CVSS | 7.1 AI score | 0.00314 EPSS
Exploits 0 | References 3

RedHat Linux
added 2025/06/16 5:35 a.m. | 3 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

RedHat Linux
added 2025/06/16 5:32 a.m. | 5 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

RedHat Linux
added 2025/06/16 5:31 a.m. | 4 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

RedHat Linux
added 2025/06/16 5:30 a.m. | 4 views

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

4.3 CVSS | 7.4 AI score | 0.00203 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2025/06/16 12:0 a.m. | 5 views

TencentOS Server 3: libreoffice (TSSA-2024:0293)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0293 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

6.5 CVSS | 6.9 AI score | 0.01008 EPSS
Exploits 0 | References 2

CNNVD
added 2025/06/16 12:0 a.m. | 0 views

Dassault Systèmes Project Portfolio Manager security vulnerability

Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes France. It is responsible for developing and implementing the project portfolio management process. A security vulnerability exists in Dassault Systèmes Project Portfolio Manager that stems from a stored cross-si...

8.7 CVSS | 6.1 AI score | 0.00342 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/06/15 4:2 p.m. | 4 views

CVE-2025-49580

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

8.5 CVSS | 6.5 AI score | 0.00369 EPSS
Exploits 1 | References 1

OSV
added 2025/06/13 8:24 p.m. | 2 views

GHSA-JM43-HRQ7-R7W6 XWiki allows privilege escalation through link refactoring

Impact: Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability affects all versions of XWiki since 8.2 and 7.4.5...

8.5 CVSS | 6 AI score | 0.00369 EPSS
Exploits 1 | References 5

Cvelist
added 2025/06/13 3:45 p.m. | 12 views

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

8.5 CVSS | 0.00369 EPSS
Exploits 1 | References 3

Vulnrichment
added 2025/06/13 3:45 p.m. | 12 views

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

8.5 CVSS | 7.2 AI score | 0.00369 EPSS
Exploits 1 | References 3

CVE
added 2025/06/13 3:45 p.m. | 91 views

CVE-2025-49580

Summary of CVE-2025-49580: XWiki platforms are affected by a privilege-escalation vulnerability where pages can gain script or programming rights if a link target is renamed or moved, potentially allowing execution of scripts in xobjects. Affected versions include 7.4.5 through 16.4.7 and 8.2 th...

8.5 CVSS | 7.2 AI score | 0.00369 EPSS
Exploits 1 | References 3 | Affected Software 1

OSV
added 2025/06/13 3:45 p.m. | 3 views

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

8.5 CVSS | 6.8 AI score | 0.00369 EPSS
Exploits 1 | References 5

SUSE Linux
added 2025/06/13 10:17 a.m. | 1 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.11 MFSA 2025-46, bsc1243353: CVE-2025-5262: Double-free in libvpx encoder bmo1962421 CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745...

6.5 CVSS | 7.1 AI score | 0.00398 EPSS
Exploits 0 | References 18