CVE-2024-55488

CVE-2024-55488 affects Umbraco CMS v14.3.1 via a stored XSS in the Rich Text/Document context. The root cause cited is the absence of HTML sanitization at the product level, with the vendor disputing exploitation only via authenticated, whitelisted users. Impact per sources is the ability to exec...

PT-2025-4838 · Ambari · Ambari

Name of the Vulnerable Software and Affected Versions: Ambari affected versions not specified Description: A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when...

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2025-1122)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

CVE-2025-23039

Caido is a web security auditing toolkit. A Cross-Site Scripting XSS vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVE-2025-23198 Stored-XSS-LibreNMS-Display-Name in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.10.1 allow remote attackers to inject...

CVE-2024-57776

A cross-site scripting XSS vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-57771

A cross-site scripting XSS vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

LibreNMS Misc Section Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-MiscSection Description: Stored XSS on the parameter: ajaxform.php - param: state Request: http POST /ajaxform.php HTTP/1.1 Host: X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie:...

LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Display Name 2 Description: XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display of Librenms versions 24.11.0 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user view...

CVE-2024-57772

A cross-site scripting XSS vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

IBM CICS TX Advanced 跨站脚本漏洞

IBM CICS TX Advanced is a transaction processing monitoring system from International Business Machines IBM for running large-scale, high-transaction-volume applications in enterprise environments. IBM CICS TX Advanced suffers from a cross-site scripting vulnerability that stems from the...

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVE-2024-57774

CVE-2024-57774 describes a cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA prior to v2025.01.01. The underlying issue is input handling in that interface allowing crafted payloads to execute arbitrary script/HTML in a victim’s browser. Affecte...

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2024-52005

CVE-2024-52005 affects Git via ANSI escape sequence injections in the sideband channel. A PoC demonstrates exploitation; affected versions include pre-2.48.1, 2.47.3, 2.46.5, 2.45.4, and 2.44.3. Impacts include hiding/misrepresenting output, fake security prompts, social‑engineering payloads, and...

CVE-2025-22997

A stored cross-site scripting XSS vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...

CVE-2024-41453

CVE-2024-41453 : In Process Maker pm4core-docker 4.1.21-RC7, a cross-site scripting (XSS) vulnerability exists via a crafted payload injected into the Name parameter. Red Hat entries also confirm CVE-2024-41454 as an arbitrary file upload vulnerability in the UI login page logo upload function, e...

CVE-2024-47605

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...

CVE-2024-47605 Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...

Silverstripe Framework has a XSS via insert media remote file oembed

Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...