
1734 matches found

NVD
added 2025/10/27 7:16 p.m. | 4 views

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.4 | EPSS 0.00027
Exploits: 1 | References: 1

EUVD
added 2025/10/27 7:6 p.m. | 1 view

EUVD-2025-36367

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...

CVSS 5.1 | AI score 5.7 | EPSS 0.00378
Exploits: 2 | References: 1

Cvelist
added 2025/10/27 7:6 p.m. | 7 views

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...

CVSS 5.1 | EPSS 0.00378
Exploits: 2 | References: 1

Vulnrichment
added 2025/10/27 7:6 p.m. | 3 views

CVE-2025-53533 Pi-hole Admin Interface vulnerable to cross-site scripting via malformed URL path on 404 error page

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...

CVSS 5.1 | AI score 5.8 | EPSS 0.00378
Exploits: 2 | References: 1

CVE
added 2025/10/27 7:6 p.m. | 20 views

CVE-2025-53533

CVE-2025-53533 affects Pi-hole Admin Interface ≤ 6.2.1. It is a reflected XSS in the 404 page caused by including the requested path in the body tag’s class attribute without proper sanitization, enabling an attacker to craft a link with an onload attribute that executes arbitrary JavaScript in a...

CVSS 6.1 | AI score 5.8 | EPSS 0.00378
Exploits: 2 | References: 1 | Affected Software: 1

EUVD
added 2025/10/27 6:44 p.m. | 3 views

EUVD-2025-36328

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | AI score 5.3 | EPSS 0.00027
Exploits: 1 | References: 1

CVE
added 2025/10/27 6:44 p.m. | 8 views

CVE-2025-32785

Pi-hole Admin Interface (Pi-hole) versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management. An authenticated user can inject JavaScript by placing a payload in Address when creating or editing a list entry. The XSS is trigge...

CVSS 5.4 | AI score 5.4 | EPSS 0.00027
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/27 6:44 p.m. | 3 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | AI score 5.4 | EPSS 0.00027
Exploits: 1 | References: 1

OSV
added 2025/10/27 6:44 p.m. | 2 views

CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.1 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 3

OSV
added 2025/10/27 8:15 a.m. | 3 views

CVE-2025-12246

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVSS 6.1 | AI score 4.2
Exploits: 0 | References: 4

NVD
added 2025/10/27 8:15 a.m. | 5 views

CVE-2025-12246

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVSS 6.1 | EPSS 0.00038
Exploits: 1 | References: 4

EUVD
added 2025/10/27 7:32 a.m. | 5 views

EUVD-2025-36122

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVSS 5.3 | AI score 5.3 | EPSS 0.00038
Exploits: 1 | References: 5

Cvelist
added 2025/10/27 7:32 a.m. | 10 views

CVE-2025-12246 chatwoot Admin IframeLoader.vue cross site scripting

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVSS 5.3 | EPSS 0.00038
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/27 7:32 a.m. | 4 views

CVE-2025-12246 chatwoot Admin IframeLoader.vue cross site scripting

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVSS 5.3 | AI score 4 | EPSS 0.00038
Exploits: 1 | References: 4

CVE
added 2025/10/27 7:32 a.m. | 13 views

CVE-2025-12246

The CVE-2025-12246 entry concerns chatwoot versions up to 4.7.0, specifically the Admin Interface file app/javascript/shared/components/IframeLoader.vue. The vulnerability arises from manipulation of the Link argument, enabling cross-site scripting. Exploitation is described as remote, but no in‑...

CVSS 6.1 | AI score 5.5 | EPSS 0.00038
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/10/27 12:0 a.m. | 4 views

PT-2025-43903

Name of the Vulnerable Software and Affected Versions: chatwoot versions up to 4.7.0. Description: A security flaw exists in chatwoot affecting the Admin Interface component, specifically within the app/javascript/shared/components/IframeLoader.vue file. Manipulation of the Link argument can lead to...

CVSS 6.1 | AI score 5.1 | EPSS 0.00038
Exploits: 1 | References: 9

Positive Technologies
added 2025/10/27 12:0 a.m. | 3 views

PT-2025-44010

Name of the Vulnerable Software and Affected Versions: Pi-hole Admin Interface versions prior to 6.3. Description: The Pi-hole Admin Interface, a web interface for managing the Pi-hole advertisement and internet tracker blocking application, is susceptible to a cross-site scripting (XSS) issue. This...

CVSS 5.1 | AI score 5.7 | EPSS 0.00027
Exploits: 1 | References: 4

OSV
added 2025/10/20 3:30 p.m. | 2 views

GHSA-4VRF-42CM-7XFW TastyIgniter vulnerable to Cross-Site Scripting

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

CVSS 4.8 | AI score 6.2 | EPSS 0.0009
Exploits: 1 | References: 3

NVD
added 2025/10/17 6:15 p.m. | 3 views

CVE-2025-62424

ClipBucket is a web-based video-sharing platform. In ClipBucket version 5.5.2 - 146 and earlier, the /adminarea/templateeditor.php endpoint is vulnerable to path traversal. The validation of the file-loading path is inadequate, allowing authenticated administrators to read and write arbitrary fil...

CVSS 6.7 | EPSS 0.00051
Exploits: 1 | References: 2

Github Security Blog
added 2025/10/17 5:59 p.m. | 6 views

ibexa/admin-ui has an XSS vulnerability in Cancel/Reschedule future publication modal

Impact: This security advisory resolves an XSS vulnerability in image asset names, content language names and future publishing in the back office of the DXP. Back office access and varying levels of editing and management permissions are required to exploit this vulnerability. This typically mean...

AI score 6.4
Exploits: 0 | References: 3 | Affected Software: 1