241 matches found
CVE-2025-22997
The CVE-2025-22997 entry concerns a stored XSS in Linksys E5600 Router (up to version 1.1.0.26) via the PRF_Table_content component, where a crafted payload in the desc parameter can execute arbitrary scripts. Affected product: Linksys E5600 Router (firmware 1.1.0.26 and earlier). Root cause: lac...
LightPicture Code Injection Vulnerability
LightPicture is an image resource management (image hosting) system for enterprises, teams and individuals. A cross-site scripting vulnerability exists in LightPicture, which stems from the lack of effective filtering and escaping of user-supplied data in the file parameter of /api/upload; an attacker can...
JetBrains TeamCity Image Name Cross-Site Scripting Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch nam...
CVE-2024-11993
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...
CVE-2024-53470
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gatewaypagamento.php of WeGIA v3.2.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter...
CVE-2024-48068
CVE-2024-48068 concerns a cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co., LTD Landray EKP v16 and earlier. The issue allows an attacker to execute arbitrary web scripts or HTML via a crafted payload. Affected product: Landray EKP v16 and earlier (Office automation solut...
pfSense Cross-Site Scripting Vulnerability
pfSense is a set of network firewalls based on FreeBSD Linux. A security vulnerability exists in pfSense version v2.5.2, which stems from vulnerability to cross-site scripting attacks and allows an attacker to execute arbitrary web script or HTML via a crafted payload...
CVE-2024-46333
An authenticated cross-site scripting (XSS) vulnerability in Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Album Name parameter under the Add Album function...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37806)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-37807)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
ZZCMS content parameter cross-site scripting vulnerability
ZZCMS is a content management system (CMS) by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v2023, which originates from the lack of effective filtering and escaping of user-supplied data in the content parameter of /user/askedit.php?action=add, which can be exploite...
Mini Inventory and Sales Management System Security Vulnerability
Mini Inventory and Sales Management System is a small inventory and sales management system written in the PHP CodeIgniter framework that supports MySQL and SQLite3 databases. A security vulnerability exists in Mini Inventory and Sales Management System. An attacker can exploit this vulnerability to...
Concrete CMS Cross-Site Scripting Vulnerability
Concrete CMS is an open source, team-oriented content management system. A cross-site scripting vulnerability exists in Concrete CMS, which stems from the lack of effective filtering and escaping of user-supplied data in the getAttributeSetName function; an attacker can...
Microweber add_tagging_tagged.php file cross-site scripting vulnerability
Microweber is an open source online store management system with drag-and-drop functionality. The system includes modules for adding products, images and more. A cross-site scripting vulnerability exists in Microweber version 2.0.16, which stems from...
CVE-2024-40739
A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...
CVE-2024-40734
A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/...
SimpCMS Cross-Site Scripting Vulnerability
SimpCMS is an easy-to-use CMS based on PureEdit. A cross-site scripting vulnerability exists in SimpCMS version 0.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML via a...
Moodle Cross-Site Scripting Vulnerability (CNVD-2024-48100)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-30838)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...