
6727 matches found

Github Security Blog
added 2025/01/14 10:18 p.m. · 15 views

Silverstripe Framework has an XSS via insert media remote file oEmbed

Impact: When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute whose value replaces the embed shortcode. The HTML is not sanitized before it replaces the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...

CVSS 5.4 · AI score 6.7 · EPSS 0.01108
Exploits 2 · References 6 · Affected Software 1
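The Silverstripe entry above describes the general failure mode: a remote provider's oEmbed `html` field is dropped into the page verbatim in place of the shortcode. The following is an added example, not Silverstripe's own code, showing the vulnerable substitution next to an allowlist-based fix. The shortcode syntax, the trusted player host `player.example.com`, the attribute policy and the malicious oEmbed response are all constructed for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Policy assumptions for this example: an embed may only be an <iframe> served
# from one trusted player host, carrying a few presentational attributes.
ALLOWED_TAGS = {"iframe": {"src", "width", "height", "title", "allowfullscreen"}}
ALLOWED_SRC_PREFIXES = ("https://player.example.com/",)
SHORTCODE = re.compile(r'\[embed url="([^"]+)"\]')  # hypothetical shortcode syntax


class EmbedSanitizer(HTMLParser):
    """Rebuild an oEmbed `html` fragment keeping only allowlisted markup.

    Unknown tags are dropped. The content of a dropped container (the body of a
    <script>, the fallback text of a rejected <iframe>) is dropped with it, and
    remaining text is re-escaped so it cannot introduce new markup.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.drop_tag = None  # element whose content is currently discarded
        self.drop_depth = 0   # nesting depth of that element

    def _start_drop(self, tag):
        self.drop_tag, self.drop_depth = tag, 1

    def handle_starttag(self, tag, attrs):
        if self.drop_tag:
            if tag == self.drop_tag:
                self.drop_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            # Containers whose text must not leak through; void tags like <img>
            # have no end tag and are simply skipped.
            if tag in ("script", "style", "object", "svg", "math"):
                self._start_drop(tag)
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag]:
                continue  # drops on* handlers, style, srcdoc, sandbox overrides...
            if name == "src" and not (value or "").startswith(ALLOWED_SRC_PREFIXES):
                self._start_drop(tag)  # untrusted origin: reject the whole element
                return
            kept.append(name if value is None else f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag, *kept]) + ">")

    def handle_endtag(self, tag):
        if self.drop_tag:
            if tag == self.drop_tag:
                self.drop_depth -= 1
                if self.drop_depth == 0:
                    self.drop_tag = None
            return
        if tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.drop_tag:
            self.out.append(escape(data))

    # Comments and declarations fall through to HTMLParser's no-op handlers.

    def result(self):
        return "".join(self.out)


def sanitize_embed_html(fragment):
    parser = EmbedSanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()


def _lookup(oembed_by_url, match):
    entry = oembed_by_url.get(match.group(1))
    return None if entry is None else entry["html"]


def render_unsafe(content, oembed_by_url):
    """Vulnerable pattern: the provider's `html` replaces the shortcode verbatim."""
    return SHORTCODE.sub(lambda m: _lookup(oembed_by_url, m) or escape(m.group(0)), content)


def render_safe(content, oembed_by_url):
    """Fix: sanitize the provider's `html` before it replaces the shortcode."""
    def repl(m):
        html = _lookup(oembed_by_url, m)
        return escape(m.group(0)) if html is None else sanitize_embed_html(html)
    return SHORTCODE.sub(repl, content)


# Constructed sample: a hostile provider answers the oEmbed lookup with a "video"
# fragment carrying an event handler, a script and an <img onerror> payload.
MALICIOUS_OEMBED = {
    "type": "video", "version": "1.0",
    "html": '<iframe src="https://player.example.com/v/123" width="560" onload="alert(1)">'
            '</iframe><script>alert(document.cookie)</script><img src=x onerror=alert(1)>',
}
OEMBED_BY_URL = {"https://evil.example.org/clip": MALICIOUS_OEMBED}
PAGE = 'Intro text [embed url="https://evil.example.org/clip"] trailing text'

if __name__ == "__main__":
    print("unsafe:", render_unsafe(PAGE, OEMBED_BY_URL))
    print("safe:  ", render_safe(PAGE, OEMBED_BY_URL))
```

The sanitizer is deliberately allowlist-only: anything not named in `ALLOWED_TAGS` is dropped rather than escaped, and an `<iframe>` whose `src` is not on the trusted host list is removed entirely instead of being kept with a stripped attribute. Rendering the same fragment through `render_unsafe` shows both the `onload` handler and the `<script>` reaching the page.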
Cvelist
added 2025/01/14 12:00 a.m. · 13 views

CVE-2024-53563

A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

EPSS 0.00225
Exploits 0 · References 2
Cvelist
added 2025/01/14 12:00 a.m. · 18 views

CVE-2025-22996

A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...

EPSS 0.00277
Exploits 1 · References 1
CNNVD
added 2025/01/14 12:00 a.m. · 4 views

GestioIP security vulnerability

GestioIP is a web-based IPv4/IPv6 address management software from GestioIP. GestioIP version v3.5.7 is vulnerable to reflected cross-site scripting (XSS), which could lead to execution of malicious scripts or data disclosure by an attack...

CVSS 4.8 · AI score 5.8 · EPSS 0.00847
Exploits 3 · References 2
CVE
added 2025/01/14 12:00 a.m. · 58 views

CVE-2024-53563

The CVE-2024-53563 entry concerns Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10, reporting a stored XSS vulnerability in the device’s web interface that allows an attacker to inject a crafted payload to execute arbitrary web scripts or HTML. The documents consistently identify the affected product...

CVSS 5.4 · AI score 5.7 · EPSS 0.00225
Exploits 0 · References 2
CVE
added 2025/01/14 12:00 a.m. · 62 views

CVE-2025-22997

The CVE-2025-22997 entry concerns a stored XSS in Linksys E5600 Router (up to version 1.1.0.26) via the PRF_Table_content component, where a crafted payload in the desc parameter can execute arbitrary scripts. Affected product: Linksys E5600 Router (firmware 1.1.0.26 and earlier). Root cause: lac...

CVSS 4.8 · AI score 5.4 · EPSS 0.00277
Exploits 1 · References 1 · Affected Software 1
CVE
added 2025/01/14 12:00 a.m. · 60 views

CVE-2025-22996

Linksys E5600 Router firmware version 1.1.0.26 contains a stored XSS in the spf_table_content component (desc parameter). Root cause: improper handling of input in spf_table_content leading to injected web scripts/HTML. Impact per sources: potential execution of arbitrary scripts/HTML in the web ...

CVSS 4.8 · AI score 5.4 · EPSS 0.00277
Exploits 1 · References 1 · Affected Software 1
OSV
added 2025/01/13 11:33 p.m. · 17 views

CVE-2025-23031: Stored Cross-Site Scripting (XSS) in WeGIA endpoint 'adicionar_alergia.php', parameter 'nome'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar_alergia.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

CVSS 6.4 · AI score 5.3 · EPSS 0.00273
Exploits 1 · References 4
Positive Technologies
added 2025/01/13 12:00 a.m. · 4 views

PT-2025-4599 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6. Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the informacao_adicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into...

CVSS 6.4 · AI score 5.6 · EPSS 0.0034
Exploits 1 · References 9
NVD
added 2025/01/09 8:15 p.m. · 8 views

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php...

CVSS 6.1 · EPSS 0.00444
Exploits 0 · References 1
Cvelist
added 2025/01/09 12:00 a.m. · 11 views

CVE-2024-42898

A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page...

EPSS 0.00569
Exploits 1 · References 2
CVE
added 2025/01/09 12:00 a.m. · 49 views

CVE-2024-55494

CVE-2024-55494 affects Opencode Mobile Collect Call v5.4.7. A PHP Code Injection vulnerability allows an attacker to inject code via a crafted payload into the op_func parameter at /occontrolpanel/index.php, enabling potential Remote Code Execution and XSS. The issue is documented across multiple...

CVSS 6.1 · AI score 6.7 · EPSS 0.00444
Exploits 0 · References 1
CNNVD
added 2025/01/09 12:00 a.m. · 4 views

Opencode Mobile Collect Call security vulnerability

Opencode Mobile Collect Call is a mobile payphone solution from Opencode. A security vulnerability exists in Opencode Mobile Collect Call version v5.4.7. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into the op_func...

CVSS 6.1 · AI score 6.6 · EPSS 0.00444
Exploits 0 · References 1
Vulnrichment
added 2025/01/09 12:00 a.m. · 9 views

CVE-2024-55494

A PHP Code Injection vulnerability that can lead to Remote Code Execution (RCE) and XSS in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php...

AI score 6.6 · EPSS 0.00444
Exploits 0 · References 1
Cvelist
added 2025/01/08 4:19 p.m. · 17 views

CVE-2025-20166 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVSS 5.4 · EPSS 0.00357
Exploits 0 · References 2
Vulnrichment
added 2025/01/08 3:30 a.m. · 3 views

CVE-2025-21603

A cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed in the logged-in user's web browser when accessing a crafted URL...

CVSS 4.8 · AI score 6.6 · EPSS 0.00284
Exploits 0 · References 2
Cvelist
added 2025/01/08 3:30 a.m. · 22 views

CVE-2025-21603

A cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed in the logged-in user's web browser when accessing a crafted URL...

CVSS 4.8 · EPSS 0.00284
Exploits 0 · References 2
CVE
added 2025/01/08 3:30 a.m. · 52 views

CVE-2025-21603

CVE-2025-21603 affects PLANEX MZK-DP300N routers (firmware v1.05 and earlier). The issue is a cross-site scripting flaw (CWE-79) in the web interface, allowing an attacker who has logged in to manipulate device settings to trigger arbitrary script execution in the logged-in user’s browser via a c...

CVSS 4.8 · AI score 5 · EPSS 0.00284
Exploits 0 · References 2
OSV
added 2025/01/07 3:15 a.m. · 1 view

CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contains a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of...

CVSS 7.8 · AI score 6 · EPSS 0.00194
Exploits 0 · References 1
CNNVD
added 2025/01/07 12:00 a.m. · 3 views

WordPress plugin formafzar cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin formafzar...

CVSS 6.5 · AI score 6.8 · EPSS 0.00324
Exploits 0 · References 2