CVE-2025-69624

Nitro PDF Pro for Windows 14.41.1.4 contains a NULL pointer dereference vulnerability in the JavaScript implementation of app.alert. When app.alert is called with more than one argument and the first argument evaluates to null for example, app.alertapp.activeDocs, true when app.activeDocs is null...

PT-2025-44323

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.11.0 Description Wazuh is a platform for threat prevention, detection, and response. A flaw exists in the fim alert implementation where it does not verify if the return value of ctime r is NULL before using it with...

CVE-2025-54806

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

CVE-2025-54806

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

CVE-2025-54806

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

CVE-2025-54806

CVE-2025-54806 concerns GROWI up to v4.2.7. A cross-site scripting (CWE-79) flaw exists in the page alert function. When a logged-in user visits a crafted URL, an arbitrary script can execute in the user’s browser. Documented impact is client-side script execution with potential confidentiality/i...

EUVD-2025-35654

GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product, an arbitrary script may be executed on the user's web browser...

GROWI vulnerable to cross-site scripting

Overview GROWI provided by GROWI, Inc. contains the following vulnerability. Cross-site scripting in the page alert function CWE-79 - CVE-2025-54806 GROWI, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and GROWI, Inc. coordinated under the...

EUVD-2017-2583

Malware in sbrugna...

Nozomi Networks Guardian/CMC SQL注入漏洞

Nozomi Networks Guardian/CMC is a centralized management console from Nozomi Networks, Inc. in the United States. A SQL injection vulnerability exists in Nozomi Networks Guardian/CMC that stems from improper validation of input parameters in the Alert function, which could lead to an SQL injectio...

Synology Surveillance Station 安全漏洞

Synology Surveillance Station is an application from Synology Inc. of China. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability exists in Synology Surveillance Station versions prior to 9.2.0-11289 and 9.2.0-9289. An attacker ca...

CVE-2023-46998

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

DEBIAN-CVE-2023-46998

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

CVE-2023-46998

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert, confirm, prompt functions...

Reflected XSS in /editor_tools/rte_image_editor

Description Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editortools/rteimageeditor endpoint Proof of Concept in File microweber/userfiles/modules/microweber/toolbar/editortools/rteimageeditor/index.php on Line 15, we can observe the source $GET'types' being saved...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable due to an unusual sequence of events controlled by an attacker, and alert can therefore display arbitrary albeit unstyled content on top of an uncontrolled page of the attacker's choice...

CVE-2021-35219

ExportToPdfCmd Arbitrary File Read Information Disclosure Vulnerability using ImportAlert function within the Alerts Settings page...

metadatos.ideca.gov.co XSS vulnerability

Open Bug Bounty ID: OBB-656116 Description| Value ---|--- Affected Website:| metadatos.ideca.gov.co Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service

Exploit Title:Brave Browser...

CVE-2008-4382

Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service application crash via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters...