SUSE CVE-2012-0271

Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent GWIA in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a...

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability

Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...

CVE-2025-12776

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2022-42467

When running in prototype mode, the h2 webconsole module accessible from the Prototype menu is automatically made available with the ability to directly query the database. It was felt that it is safer to require the developer to explicitly enable this capability. As of 2.0.0-M8, this can now be...

EUVD-2025-206259

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2025-12776

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2025-12776

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2025-12776 Stored Cross-Site Scripting

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

CVE-2025-12776 Stored Cross-Site Scripting

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns about a possible Cross-Site Scripting XSS attack. Proper management of this functionality helps ensure a secure and seamless user experience. Although the...

PT-2026-1700

Name of the Vulnerable Software and Affected Versions WebConsole affected versions not specified Description The Report Builder component stores user input directly into a web page and displays it to other users, potentially leading to a Cross-Site Scripting XSS attack. The scripts are executed...

Commvault WebConsole 安全漏洞

Commvault WebConsole is a web-based management platform from Commvault USA. A security vulnerability exists in Commvault WebConsole that originates from storing user input directly in a web page, which could lead to a cross-site scripting attack...

BIT-ACTIVEMQ-2020-1941

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue...

EUVD-2019-0185

Malware in sbrugna...

EUVD-2020-0419

Malware in sbrugna...

EUVD-2024-53952

Malicious code in bioql PyPI...

EUVD-2023-44256

Malicious code in bioql PyPI...

EUVD-2025-7206

Malicious code in bioql PyPI...

EUVD-2025-4096

Malicious code in bioql PyPI...

The vulnerability of the Apache Felix HTTP Webconsole plugin, which stems from the lack of protective measures for website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Apache Felix HTTP Webconsole plugin is related to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...