CVE-2025-53838 LinkAce has a Stored One Click XSS vulnerability

LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting XSS vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user's browser when the malicious link is clicked...

CVE-2025-55998

A cross-site scripting XSS vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/baselibs process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...

CVE-2025-9567

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2025-33083

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-0656

IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

IBM Concert Software 跨站脚本漏洞

IBM Concert Software is IBM's generative AI-driven automated application management and monitoring tool based on the WatsonX platform, focused on optimizing the operational efficiency and reliability of applications. A cross-site scripting vulnerability exists in IBM Concert Software, which can b...

CVE-2024-49790 IBM Watson Studio on Cloud Pak for Data cross-site scripting

IBM Watson Studio on Cloud Pak for Data 4.0 and 5.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi...

CVE-2025-51971

A reflected Cross-Site Scripting XSS vulnerability exists in register.php of PuneethReddyHC Online Shopping System Advanced 1.0. Unsanitized user input in the fname parameter is reflected in the server response without proper HTML encoding or output escaping. This allows remote attackers to injec...

CVE-2025-50985

diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...

Linux Distros Unpatched Vulnerability : CVE-2022-22589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS...

esri Portal for ArcGIS Enterprise Sites Cross-Site Scripting Vulnerability (CNVD-2025-21187)

esri Portal for ArcGIS Enterprise Sites is an enterprise-level geographic information sharing platform from ESRI that allows users within an organization to view, edit, and share geographic information through the portal. A cross-site scripting vulnerability exists in esri Portal for ArcGIS...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the referer and FORWARDURL parameters. An attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious payloads using encoded characters and a null-byte %00 in these...

CVE-2025-9225

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

EHCP Easy Hosting Control Panel 安全漏洞

EHCP Easy Hosting Control Panel is an open source web hosting control panel from EHCP. A security vulnerability exists in EHCP Easy Hosting Control Panel version 20.04.1.b. The vulnerability stems from a reflective cross-site scripting vulnerability in the action parameter of the List MySQL...

CVE-2025-55106

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...

Esri Portal for ArcGIS Enterprise Sites 跨站脚本漏洞

Esri Portal for ArcGIS Enterprise Sites is a geographic information portal publishing software from Esri, Inc. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS Enterprise Sites, which stems from a stored cross-site scripting vulnerability that could lead to the execution of...

CVE-2025-9225

CVE-2025-9225 affects MiR software prior to 3.0.0 in MiR Robots and MiR Fleet. The issue is a stored cross-site scripting (XSS) in the web interface, enabling execution of arbitrary JavaScript in a victim’s browser. Root cause details are not elaborated beyond the XSS attribution in multiple sour...

WellChoose Organization Portal System Cross-Site Scripting Vulnerability (CNVD-2025-19588)

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a cross-site scripting vulnerability that originates from the application's lack of effective filtering and escaping of...

CVE-2025-51488

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...