3 matches found
CVE-2025-12972
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause...
Cross Site Scripting (XSS)
mautic/core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized user-supplied input in the “Tags” field of the /s/ajax?action=lead:addLeadTags endpoint being reflected in the server response, which allows an attacker to execute arbitrary JavaScript in the victim’s...
PT-2024-21084 · Viewerjs · Viewerjs
Name of the Vulnerable Software and Affected Versions: ViewerJS version 0.5.8 Description: An issue was discovered in ViewerJS where a script from the component loads content via URL TAGs without properly sanitizing it, leading to both open redirection and out-of-band resource loading...