IBM Maximo Asset Management 跨站脚本漏洞

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

CVE-2024-53568

A stored cross-site scripting XSS vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...

CVE-2023-44753

A stored cross-site scripting XSS vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page...

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVE-2024-53568

A stored cross-site scripting XSS vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...

PT-2025-17585 · Unknown · Volmarg Personal Management System

Name of the Vulnerable Software and Affected Versions: Volmarg Personal Management System version 1.4.65 Description: A stored cross-site scripting XSS issue exists in the New Goal Creation section, allowing authenticated attackers to execute arbitrary web scripts or HTML by injecting a crafted...

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVE-2023-44753

A stored cross-site scripting XSS vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

Cross-Site Scripting

yiisoft/yii is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability is due to in specific scenarios where the fallback error renderer is used, allowing an attacker to execute arbitrary scripts in the context of the user’s browser...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVE-2025-28102

A cross-site scripting XSS vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

CVE-2025-28102

FlaskBlog v2.6.1 is affected by a cross-site scripting (XSS) vulnerability exposed via the postContent parameter at /createpost. The issue stems from allowing arbitrary script/HTML injection, enabling attackers to run client-side code. Available connected reports confirm the affected software ver...

PT-2025-17441 · Yi · Yi Iot Xy-3820

Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: A vulnerability exists in the daemon process of the Yi IOT XY-3820, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary...

CVE-2025-29660

The CVE-2025-29660 vulnerability affects Yi IOT XY-3820, firmware v6.0.24.10, in the daemon that listens on TCP port 6789. The issue stems from improper input validation, allowing directory traversal via crafted TCP requests, which permits remote unauthenticated execution of arbitrary scripts on ...

Alkacon OpenCMS stored cross-site scripting (XSS) vulnerability

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...