LibreOffice Arbitrary Script Execution Vulnerability (Mar 2025) - Linux

LibreOffice is prone to an arbitrary script execution vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Linux Distros Unpatched Vulnerability : CVE-2022-3140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command'...

CVE-2025-1080 Macro URL arbitrary script execution

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with...

Cross-Site Scripting (XSS)

tarteaucitronjs is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient input sanitization and improper handling of dynamic content in the getElemWidth and getElemHeight functions, allowing malicious scripts to be injected and executed...

CVE-2024-50705

CVE-2024-50705 describes an unauthenticated reflected cross-site scripting (XSS) in Uniguest Tripleplay prior to version 24.2.1. The vulnerability allows remote attackers to execute arbitrary scripts via the page parameter when a user loads a crafted URL, potentially compromising the affected use...

CVE-2025-0555

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-0555

CVE-2025-0555 is a Cross-Site Scripting (XSS) vulnerability in GitLab-EE affecting all 16.6+ releases up to but not including 17.7.6, 17.8 up to not including 17.8.4, and 17.9 up to not including 17.9.1. The issue allows an attacker to bypass security controls and run arbitrary scripts in a user’...

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

CVE-2025-27585

Technical details about CVE-2025-27585 are not provided in the connected documents. Please monitor for updates.

CVE-2025-27400

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVE-2025-27400

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVE-2025-27400

Summary: CVE-2025-27400 affects OpenMage/magento-lts (Magento LTS) with a stored XSS in the admin panel via the Design > Themes > Skin (Images / CSS) config field. Affected versions: prior to 20.12.3 and prior to 20.13.0 contain the vulnerability (one source notes 20.13.1 as patched in some...

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVE-2025-25825

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section...

TRENDnet TEW-929DRU 安全漏洞

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the ssid key of the wifidata parameter on the /captiveportal.htm page, which...

Trendnet TEW-929DRU 安全漏洞

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the configname parameter of the /cbiaddcert.htm page, which can be exploited ...

PT-2025-9112 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento Long Term Support LTS versions prior to 20.12.3 Magento Long Term Support LTS versions prior to 20.13.1 Description: The issue allows script execution in the admin panel, potentially leading to cross-site scripting against authenticat...

CVE-2025-20116

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...