D-Link Nuclias Connect 安全漏洞

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

WordPress plugin WP BookWidgets 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. WordPress plugin WP BookWidgets cross-site scripting vulnerability , the vulnerability stems fr...

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of the name field in entities. An attacker can execute arbitrary JavaScript in the context of other users' sessions by injecting malicious code into the name field, which is then render...

Centreon 安全漏洞

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon cross-site scripting vulnerability , the vulnerability stems from the lack of effective...

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

PT-2025-41969

Name of the Vulnerable Software and Affected Versions mailgen versions through 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. Versions through 2.0.30 have an issue where the generatePlaintext function does not properly remove encoded HTML entities from...

EUVD-2025-34046

A stored Cross-site Scripting XSS vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

EUVD-2025-34047

A stored Cross-site Scripting XSS vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10558 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-10556

ENOVIA Specification Manager (3DEXPERIENCE) is affected by a stored XSS in the Specification Management module, impacting releases from R2023x through R2025x. The root cause is improper handling of user-supplied data in the web UI, enabling an attacker to execute arbitrary script code in a victim...

PT-2025-41768

Name of the Vulnerable Software and Affected Versions 3DSearch on 3DSwymer versions prior to 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in 3DSearch within 3DSwymer. This allows an attacker to execute arbitrary script code within a user’s browser session...

PT-2025-41766

Name of the Vulnerable Software and Affected Versions ENOVIA Specification Manager versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in Specification Management within ENOVIA Specification Manager. This allows an attacker to execut...

WordPress Eulerpool Research Systems plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...

WordPress dbview plugin cross-site scripting vulnerability

WordPress dbview plugin is a plugin for database query and display , developed by John Akers. The plugin through AJAX technology to achieve real-time query and dynamic display of database data , support for the direct execution of SQL statements and visual presentation of the results . WordPress...

WordPress Easy Elementor Addons plugin cross-site scripting vulnerability

The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23567)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...

WordPress Auto Bulb Finder plugin cross-site scripting vulnerability

WordPress Auto Bulb Finder plugin is a plugin for quickly checking vehicle bulb models in a WordPress website, supporting the retrieval of appropriate auto bulb specifications by year, make, model and other information. The WordPress Auto Bulb Finder plugin suffers from a cross-site scripting...

WordPress All Social Share Options plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...