6239 matches found
CVE-2025-46848
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46918
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46922
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-4417
CVE-2025-4417 – AVEVA PI Connector for CygNet Affected product: AVEVA PI Connector for CygNet, version 1.6.14 and prior. Vulnerability: Cross-site scripting (XSS) that, if exploited, could let an administrator with local access to the connector admin portal persist arbitrary JavaScript code to be...
CVE-2025-2918
The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
TOTOLINK A3002RU NAT Mapping Page Component Cross-Site Scripting Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. The TOTOLINK A3002RU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the NAT Mapping Page component parameter Comment, for...
TOTOLINK A3002RU MAC Filtering Page Component Cross-Site Scripting Vulnerability
TOTOLINK A3002RU is a wireless router product from China's Gion Electronics TOTOLINK. A cross-site scripting vulnerability exists in the TOTOLINK A3002RU, which stems from the lack of effective filtering and escaping of user-supplied data by the MAC Filtering Page component parameter Comment, for...
X2000R URL Address Parameter Cross-Site Scripting Vulnerability at Gion Electronics (Shenzhen) Co.
The X2000R is a wireless router from China's Gion Electronics TOTOLINK. Ltd. X2000R version 1.0.0-B20230726.1108 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter URL Address, which can be exploite...
CVE-2025-47080
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47055
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46984
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46954
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46912
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46905
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46917 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46954
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields that could allow a low-privileged attacker to inject malicious JavaScript executed in a victim’s browser. The available connected documents identify the...
CVE-2025-47091
CVE-2025-47091 affects Adobe Experience Manager versions 6.5.22 and earlier, with a stored XSS flaw in vulnerable form fields. A low-privileged attacker can inject malicious scripts, which may execute in a victim’s browser when they load the page containing the vulnerable field. The CVSS vector i...
CVE-2025-46989 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46989 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46905 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...