8202 matches found

OpenVAS
added 2025/12/03 12:0 a.m. | 10 views

Sulu XSS Vulnerability (GHSA-255w-87rh-rg44)

Sulu is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sulu:sulu"; if...

5.4 CVSS | 6.3 AI score | 0.00353 EPSS
Exploits 0 | References 1
OpenVAS
added 2025/12/03 12:0 a.m. | 7 views

Fedora: Security Advisory (FEDORA-2025-c7f4367479)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 6.8 AI score | 0.00586 EPSS
Exploits 0 | References 8
OSV
added 2025/12/02 4:15 p.m. | 1 views

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...

6.1 CVSS | 6 AI score | 0.00214 EPSS
Exploits 1 | References 1
NVD
added 2025/12/02 4:15 p.m. | 9 views

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...

6.1 CVSS | 0.00214 EPSS
Exploits 1 | References 1
OSV
added 2025/12/02 9:7 a.m. | 5 views

RLSA-2025:22394 Moderate: qt6-qtsvg security update

Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Uncontrolled recursion in Qt SVG module (CVE-2025-10728) For more details...

4 CVSS | 6.8 AI score | 0.00198 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/12/02 7:22 a.m. | 5 views

CVE-2025-64704

WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4...

5.5 CVSS | 6.6 AI score | 0.00155 EPSS
Exploits 1 | References 1
Snyk
added 2025/12/02 1:20 a.m. | 8 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete sanitization of certain SVG and MathML attributes, including xlink:href, math|href, as well as the attributeName attribute of SVG animation elements when it is bound to href or xlink:href. An...

8.7 CVSS | 5.3 AI score | 0.00371 EPSS
Exploits 1 | References 2
Github Security Blog
added 2025/12/02 1:20 a.m. | 15 views

Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...

8.5 CVSS | 7.1 AI score | 0.00371 EPSS
Exploits 1 | References 6 | Affected Software 1
RedhatCVE
added 2025/12/02 12:19 a.m. | 11 views

CVE-2025-63534

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5 CVSS | 5.8 AI score | 0.00179 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/02 12:0 a.m. | 5 views

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...

0.00214 EPSS
Exploits 1 | References 1
Vulnrichment
added 2025/12/02 12:0 a.m. | 2 views

CVE-2025-63872

DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content...

6 AI score | 0.00214 EPSS
Exploits 1 | References 1
NVD
added 2025/12/01 11:15 p.m. | 5 views

CVE-2025-66403

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the FileRise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG...

5.4 CVSS | 0.00173 EPSS
Exploits 1 | References 2
Vulnrichment
added 2025/12/01 10:35 p.m. | 6 views

CVE-2025-66412 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, a Stored Cross-Site Scripting (XSS) vulnerability has been identified in the Angular Template Compiler. It occurs because the...

8.5 CVSS | 5.2 AI score | 0.00371 EPSS
Exploits 1 | References 2
CVE
added 2025/12/01 10:20 p.m. | 8 views

CVE-2025-66403

FileRise is affected by a stored XSS vulnerability caused by improperly sanitized SVG uploads. Prior to version 2.2.3, uploaded SVGs could contain inline JavaScript or event-based payloads that would be rendered in the application, executing in the origin context. The issue is resolved in version...

5.4 CVSS | 5.3 AI score | 0.00173 EPSS
Exploits 1 | References 2 | Affected Software 1
Vulnrichment
added 2025/12/01 10:20 p.m. | 4 views

CVE-2025-66403 FileRise Vulnerable to Stored XSS via SVG Upload

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the FileRise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG...

4.6 CVSS | 5.3 AI score | 0.00173 EPSS
Exploits 1 | References 2
EUVD
added 2025/12/01 10:20 p.m. | 5 views

EUVD-2025-200112

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the FileRise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG...

4.6 CVSS | 5.2 AI score | 0.00173 EPSS
Exploits 1 | References 2
OSV
added 2025/12/01 10:20 p.m. | 4 views

CVE-2025-66403 FileRise Vulnerable to Stored XSS via SVG Upload

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the FileRise application due to improper handling of uploaded SVG files. The application accepts user-supplied SVG...

4.6 CVSS | 5.7 AI score | 0.00173 EPSS
Exploits 1 | References 4
EUVD
added 2025/12/01 9:30 p.m. | 2 views

EUVD-2025-200093

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

6.6 AI score | 0.00416 EPSS
Exploits 2 | References 3
EUVD
added 2025/12/01 9:30 p.m. | 5 views

EUVD-2025-200090

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment...

5.6 AI score | 0.00175 EPSS
Exploits 1 | References 2
NVD
added 2025/12/01 8:15 p.m. | 3 views

CVE-2025-63317

Todoist v8896 is vulnerable to Cross Site Scripting (XSS) in /api/v1/uploads. Uploaded SVG files have no sanitization applied, so embedded JavaScript executes when a user opens the attachment from a task/comment...

5.4 CVSS | 0.00175 EPSS
Exploits 1 | References 1