CVE-2025-25939

Reprise License Manager 14.2 is vulnerable to reflected cross-site scripting in /goform/activateprocess via the akey parameter...

CVE-2025-1830 zj1983 zz Customer Information cross site scripting

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The...

cmucia.cmu.edu.tw Cross Site Scripting vulnerability OBB-4031483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

arlette1950.centerblog.net Cross Site Scripting vulnerability OBB-4031464

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

nodjuajohnson.shop Cross Site Scripting vulnerability OBB-4031320

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-25916

wuzhicms v4.1.0 has a Cross Site Scripting XSS vulnerability in del function in \coreframe\app\member\admin\group.php...

Formwork has a cross-site scripting (XSS) vulnerability in Site title

Summary The site title field at /panel/options/site/allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users. Impact The attack is widespread, leveraging what XSS can do...

weble.ch Cross Site Scripting vulnerability OBB-4030950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-53408

AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting XSS vulnerability...

CVE-2025-26939

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Counters Block counters-block allows Stored XSS.This issue affects Counters Block: from n/a through = 1.1.2...

CVE-2025-26981

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in accessiBe Web Accessibility By accessiBe accessibe allows Reflected XSS.This issue affects Web Accessibility By accessiBe: from n/a through = 2.5...

CVE-2024-53408

The set of connected records confirms CVE-2024-53408 affects AVE System Web Client, version 2.1.131.13992, with a cross-site scripting (XSS) vulnerability. The core detail available across sources is the existence of an XSS flaw in AVE System Web Client v2.1.131.13992; no explicit root-cause tech...

PT-2025-8921

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists due to improper input validation, allowing an attacker to inject malicious JavaScript into server responses from vulnerable service...

CVE-2025-27341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in afzaldu Reactive Mortgage Calculator reactive-mortgage-calculator allows Stored XSS.This issue affects Reactive Mortgage Calculator: from n/a through = 1.1...

CVE-2025-27266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ignacio Perez Hover Image Button hover-image-button allows DOM-Based XSS.This issue affects Hover Image Button: from n/a through = 1.1.2...

CVE-2025-0719 IBM Cloud Pak for Data cross-site scripting

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

CVE-2025-25823

A cross-site scripting XSS vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the article header at /admin/article.php...

GHSA-HW62-58PR-7WC5 DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace

!NOTE This advisory was originally emailed to [email protected] by @nsysean. To sum it up, the use of javascript's .replace opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are...

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

CVE-2025-26980

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Stored XSS.This issue affects Wired Impact Volunteer Management: from n/a through = 2.5...