
20 matches found

Github Security Blog
added 2025/06/27 3:1 p.m. · 5 views

filebrowser allows Stored Cross-Site Scripting through the Markdown preview function

Summary: The Markdown preview function of File Browser v2.32.0 is vulnerable to Stored Cross-Site Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Impact: A user can upload a malicious Markdown file to the application which can...

CVSS 7.6 · AI score 6.3 · EPSS 0.00105
Exploits 1 · References 6 · Affected Software 2
RedhatCVE
added 2025/06/19 12:8 a.m. · 2 views

CVE-2025-45879

A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVSS 6.1 · AI score 5.9 · EPSS 0.00166
Exploits 0 · References 1
RedhatCVE
added 2025/06/19 12:8 a.m. · 3 views

CVE-2025-45880

A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVSS 6.1 · AI score 5.8 · EPSS 0.00166
Exploits 0 · References 1
NVD
added 2025/06/17 5:15 p.m. · 2 views

CVE-2025-45878

A cross-site scripting XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVSS 6.1 · EPSS 0.00166
Exploits 0 · References 3
Vulnrichment
added 2025/06/17 12:0 a.m. · 2 views

CVE-2025-45880

A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

AI score 5.9 · EPSS 0.00166
Exploits 0 · References 3
CVE
added 2025/06/17 12:0 a.m. · 12 views

CVE-2025-45878

CVE-2025-45878 is an XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6. The issue allows an attacker to cause arbitrary HTML to execute in the context of a user’s browser via a crafted payload. The provided metrics indicate a CVSS v3.1 base score of 6.1 (MEDIUM), with n...

CVSS 6.1 · AI score 5.9 · EPSS 0.00166
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2025/06/17 12:0 a.m. · 1 views

PT-2025-25740 · Unknown · Miliaris Amigdala

Name of the Vulnerable Software and Affected Versions: Miliaris Amigdala version 2.2.6 Description: A cross-site scripting XSS issue in the report manager function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. Recommendations: For Miliaris...

CVSS 6.1 · AI score 5.3 · EPSS 0.00166
Exploits 0 · References 8
RedhatCVE
added 2025/05/23 7:44 a.m. · 3 views

CVE-2024-42818

A cross-site scripting XSS vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

CVSS 6.1 · AI score 5.7 · EPSS 0.00181
Exploits 0 · References 1
CNVD
added 2025/03/27 12:0 a.m. · 3 views

ChuanhuChatGPT HTML Injection Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. An HTML injection vulnerability exists in chuanhuchatgpt version 20b2e02, which stems from improper HTML tag cleanup in chat history uploads,...

CVSS 6.8 · AI score 7.4 · EPSS 0.00858
Exploits 1 · References 1
Prion
added 2017/10/11 7:29 p.m. · 18 views

Cross site scripting

RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Questionnaire ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...

CVSS 3.5 · AI score 5.4 · EPSS 0.0028
Exploits 1 · References 2 · Affected Software 1
OpenVAS
added 2015/10/05 12:0 a.m. · 22 views

Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Oct 2015)

Open-Xchange OX App Suite is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...

CVSS 4.3 · AI score 6.6 · EPSS 0.00295
Exploits 1 · References 6
htbridge
added 2015/07/01 12:0 a.m. · 522 views

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...

CVSS 4.3 · AI score 0.7 · EPSS 0.0027
Exploits 3 · Affected Software 1
CNVD
added 2015/03/05 12:0 a.m. · 1 views

Loxone Smart Home Multiple Cross-Site Scripting Vulnerabilities

Loxone Smart Home is a WEB-based application. Multiple cross-site scripting vulnerabilities in Loxone Smart Home could be exploited by an attacker to execute arbitrary HTML script and code within the context of the affected application...

AI score 6.7
Exploits 0 · References 1
Packet Storm
added 2014/05/30 12:0 a.m. · 36 views

InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting

I. VULNERABILITY ------------------------- XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516 II. DESCRIPTION ------------------------- Has been detected a XSS vulnerability in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injectio...

AI score 7.4
Exploits 0
OpenVAS
added 2013/09/04 12:0 a.m. · 13 views

WordPress NextGen Smooth Gallery Plugin <= 1.2 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

AI score 7.2
Exploits 0 · References 4
0day.today
added 2013/07/29 12:0 a.m. · 36 views

FluxBB 1.5.3 - Multiple Vulnerabilities

Exploit for php platform in category web applications !-- FluxBB 1.5.3 Multiple Remote Vulnerabilities Vendor: FluxBB Product web page: http://www.fluxbb.org Affected version: 1.5.3 Summary: FluxBB is fast, light, user-friendly forum software for your website. Desc: FluxBB suffers from a cross-si...

AI score 7.1
Exploits 0
OpenVAS
added 2013/04/10 12:0 a.m. · 22 views

Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability (2821818)

This host is missing an important security update according to Microsoft Bulletin MS13-035. OpenVAS Vulnerability Test $Id: secpodofficeinfopathms13-035.nasl 5339 2017-02-18 16:28:22Z cfi $ Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability 2821818 Authors: Antu Sanadi Copyright:...

CVSS 4.3 · AI score 6.4 · EPSS 0.44955
Exploits 0 · References 4
htbridge
added 2011/12/28 12:0 a.m. · 28 views

XSS in OneOrZero AIMS

High-Tech Bridge SA Security Research Lab has discovered vulnerability in OneOrZero AIMS, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in OneOrZero AIMS: CVE-2012-0989 Input appended to the URL after index.php is not properly sanitised...

CVSS 4.3 · AI score 5.7 · EPSS 0.00596
Exploits 1 · Affected Software 1
OpenVAS
added 2011/07/13 12:0 a.m. · 12 views

eFront <= 3.6.9 Build 11018 Multiple Vulnerabilities

eFront is prone to cross-site scripting XSS and local file inclusion LFI vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 6.3
Exploits 0 · References 3
Tenable Nessus
added 2003/05/19 12:0 a.m. · 235 views

Proxy Web Server XSS

The remote host is running a proxy web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. C...

CVSS 6.8 · AI score 5.7 · EPSS 0.00641
Exploits 0 · References 1