TRENDnet TEW-929DRU /addschedule.htm page cross-site scripting vulnerability

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU version 1.0.0.10 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the rname variable within the havesamename function on...

Online Class and Exam Scheduling System profile.php file cross-site scripting vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter username in the file...

CVE-2024-55060

A cross-site scripting XSS vulnerability in the component index.php of Rafed CMS Website v1.44 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

WordPress plugin amoCRM WebForm 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin amoCR...

FreeBSD : libreoffice -- Macro URL arbitrary script execution (a86f9189-fdd9-11ef-91ff-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a86f9189-fdd9-11ef-91ff-b42e991fc52e advisory. [email protected] reports: LibreOffice supports Office URI Schemes to enable browser...

SAP Business Objects Business Intelligence Platform 跨站脚本漏洞

SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP. SAP Business Objects Business Intelligence Platform suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...

CVE-2025-25925

A stored cross-scripting XSS vulnerability in Openmrs v2.4.3 Build 0ff0ed allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the personName.middleName parameter at /openmrs/admin/patients/shortPatientForm.form...

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

CVE-2025-25908

A stored cross-site scripting XSS vulnerability in tianti v2.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the coverImageURL parameter at /article/ajax/save...

GHSA-WF6C-HRHF-86CW NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page

Summary The API endpoint related to the password reset function is vulnerable to Reflected Cross-Site-Scripting. Details Throughout the source-code analysis, it has been found that the endpoint /api/v1/db/auth/password/reset/:tokenId is vulnerable to Reflected Cross-Site-Scripting. The flaw occur...

CVE-2024-50705

Unauthenticated reflected cross-site scripting XSS vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...

CVE-2025-20208

CVE-2025-20208 is a reported cross-site scripting (XSS) vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS). The flaw stems from insufficient input validation in a data field of the web UI, enabling a low-privileged, remote attacker to inject script co...

Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...

BIT-GITLAB-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-25949

A stored cross-site scripting XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update...

CVE-2025-27585

A stored cross-site scripting XSS vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System SIS EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update...

Linux Distros Unpatched Vulnerability : CVE-2024-3044

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execut...

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Windows

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Linux Distros Unpatched Vulnerability : CVE-2022-24735

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior t...

LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Mac OS X

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...