
3237 matches found

Snyk
added 2025/07/31 9:32 a.m. | 2 views

Cross-site Scripting (XSS)

Overview: org.apache.jspwiki:jspwiki-main is a main release jar for Apache JSPWiki engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Image plugin. An attacker can execute arbitrary JavaScript in a victim's browser and access sensitive information by...

7.2 CVSS | 5.6 AI score | 0.01106 EPSS
Exploits: 0 | References: 2
CVE
added 2025/07/31 12:0 a.m. | 13 views

CVE-2025-51503

Summary: CVE-2025-51503 is a stored XSS vulnerability in Microweber CMS 2.0 that allows injection of malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in an admin browser. Affected product / component: Microweber CMS 2.0 (Microweber/microweber stack indicated...

7.6 CVSS | 5.4 AI score | 0.0052 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CNNVD
added 2025/07/31 12:0 a.m. | 1 view

Project Management Security Vulnerability

Project Management is an open source project management tool from DEVASLAN - PHP Open Source. A security vulnerability exists in Project Management v1.2.4, which stems from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

7.6 CVSS | 6 AI score | 0.00257 EPSS
Exploits: 2 | References: 3
Cvelist
added 2025/07/31 12:0 a.m. | 6 views

CVE-2025-51569

A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goformgetcmdprocess endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

0.00476 EPSS
Exploits: 0 | References: 2
NVD
added 2025/07/30 12:15 a.m. | 7 views

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

6.1 CVSS | 0.00211 EPSS
Exploits: 1 | References: 1
Cvelist
added 2025/07/30 12:0 a.m. | 4 views

CVE-2024-45515

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with...

0.00237 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2025/07/30 12:0 a.m. | 2 views

CVE-2024-45515

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with...

5.7 AI score | 0.00237 EPSS
Exploits: 0 | References: 4
Packet Storm
added 2025/07/29 12:0 a.m. | 111 views

ISPConfig 3.3.0 Cross Site Scripting

ISPConfig version 3.3.0 suffers from a cross site scripting vulnerability in the system status webpage. CVE-2025-52206: Reflected Cross Site Scripting (XSS). Suggested description: ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage...

6.5 AI score | 0.00031 EPSS
Exploits: 1
OSV
added 2025/07/28 2:15 p.m. | 0 views

CVE-2025-32731

A reflected cross-site scripting (XSS) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

6.1 CVSS | 5.9 AI score | 0.00318 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/07/28 4:32 a.m. | 9 views

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

5.1 CVSS | 7.9 AI score | 0.00277 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/07/28 12:0 a.m. | 3 views

Copyparty Cross-Site Scripting Vulnerability

Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...

6.1 CVSS | 6 AI score | 0.00203 EPSS
Exploits: 1 | References: 4
RedhatCVE
added 2025/07/26 3:25 p.m. | 3 views

CVE-2025-41420

A cross-site scripting (XSS) vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

9.6 CVSS | 6.7 AI score | 0.00703 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/07/26 3:25 p.m. | 0 views

CVE-2025-36548

A cross-site scripting (XSS) vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigg...

9.6 CVSS | 6.7 AI score | 0.00703 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/07/26 3:25 p.m. | 3 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

9.6 CVSS | 6.7 AI score | 0.00475 EPSS
Exploits: 1 | References: 1
Snyk
added 2025/07/25 5:41 p.m. | 6 views

Cross-site Scripting (XSS)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG Upload. An attacker can execute arbitrary JavaScript in the context of a user's browser by uploading a crafted SVG file containing malicious code. Details...

6.1 CVSS | 5.5 AI score | 0.00132 EPSS
Exploits: 1 | References: 2
NVD
added 2025/07/24 4:15 p.m. | 2 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

9.6 CVSS | 0.00475 EPSS
Exploits: 1 | References: 2
OSV
added 2025/07/24 4:15 p.m. | 2 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

6.1 CVSS | 6.6 AI score
Exploits: 0 | References: 2
NVD
added 2025/07/24 4:15 p.m. | 2 views

CVE-2025-46410

A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to...

9.6 CVSS | 0.00475 EPSS
Exploits: 1 | References: 2
CVE
added 2025/07/24 3:11 p.m. | 11 views

CVE-2025-53084

CVE-2025-53084 affects WWBN AVideo 14.4 and the dev master commit 8a8954ff. Talos reports a reflected XSS in the videosList.php page parameter handling (parameter: page) due to missing sanitization, enabling arbitrary JavaScript execution when a user visits a crafted page. The vulnerability is ex...

9 CVSS | 6.1 AI score | 0.00367 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/07/24 3:11 p.m. | 3 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

9.6 CVSS | 6.1 AI score | 0.00475 EPSS
Exploits: 1 | References: 1