CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

Alibaba Cloud Linux 3 : 0162: httpd:2.4 (ALINUX3-SA-2024:0162)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0162 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38476: Vulnerability in core of Apache HTT...

CVE-2025-30315 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

CVE-2025-30009

he Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and...

CVE-2025-30009

CVE-2025-30009 affects the SAP Supplier Relationship Management (SRM) Live Auction Cockpit. The issue stems from a deprecated Java applet in affected SRM packages, allowing an unauthenticated attacker to execute malicious script in the victim’s browser. Reported impact is limited to the victim’s ...

SAP Supplier Relationship Management 跨站脚本漏洞

SAP Supplier Relationship Management Master Data Management Catalog is a system for managing supplier relationships that provides master data management functionality. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management Master Data Management Catalog that allows an...

CVE-2025-46749

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

Cross-site Scripting (XSS)

Overview org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting malicious content...

RLSA-2024:4242 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

RLSA-2025:2868 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

TOTOLINK N150RT IP Port Filtering Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the IP Port Filtering component, whi...

IBM Operational Decision Manager Cross-Site Scripting Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

Wiesemann & Theis Web-IO 跨站脚本漏洞

Wiesemann & Theis Web-IO is a Wiesemann & Theis component for small to medium-sized remote IO and monitoring applications over TCP/IP Ethernet. A cross-site scripting vulnerability exists in Wiesemann & Theis Web-IO that originates from a configuration web page where multiple fields can be inject...

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...