Lucene search

3237 matches found

Cvelist
added 2025/07/24 3:11 p.m. · 6 views

CVE-2025-50128

A cross-site scripting (XSS) vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this...

CVSS: 9.6 · EPSS: 0.00475
Exploits: 1 · References: 1

CVE
added 2025/07/24 3:11 p.m. · 11 views

CVE-2025-50128

Cisco Talos reports a cross-site scripting (XSS) vulnerability in WWBN AVideo 14.4 and the dev master commit 8a8954ff, affecting the videoNotFound.php 404ErrorMsg parameter. A specially crafted HTTP request can cause arbitrary JavaScript execution when a user visits a crafted page, enabling poten...

CVSS: 9.6 · AI score: 6.1 · EPSS: 0.00475
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2025/07/24 3:11 p.m. · 14 views

CVE-2025-36548

WWBN AVideo 14.4 and dev master commit 8a8954ff are vulnerable to a reflected XSS via the loginForm cancelUri parameter. A crafted HTTP request can cause arbitrary JavaScript execution when a user visits a malicious page. TALOS reports the vulnerability and notes vendor patches were released; rem...

CVSS: 9.6 · AI score: 6.1 · EPSS: 0.00703
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/07/24 12:0 a.m. · 3 views

PT-2025-30683 · Wwbn · Avideo

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff. Description: A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality. A specially crafted HTTP request can lead to arbitrary JavaScript execution,...

CVSS: 9 · AI score: 6.2 · EPSS: 0.00367
Exploits: 1 · References: 7

Talos
added 2025/07/24 12:0 a.m. · 4 views

WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2205: WWBN AVideo managerPlaylists PlaylistOwnerUsersId parameter cross-site scripting (XSS) vulnerability. July 24, 2025. CVE Number: CVE-2025-46410. Summary: A cross-site scripting (XSS) vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter...

CVSS: 9.6 · AI score: 5.5 · EPSS: 0.00475
Exploits: 1

CNNVD
added 2025/07/24 12:0 a.m. · 2 views

WWBN AVideo cross-site scripting vulnerability

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 14.4, which stems from the videoNotFound 404ErrorMsg parameter that is vulnerable to cross-site scripting attacks and could lead to the execution of arbitrar...

CVSS: 9.6 · AI score: 6.1 · EPSS: 0.00475
Exploits: 1 · References: 1

OSV
added 2025/07/23 3:15 p.m. · 4 views

CVE-2025-40598

A reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00523
Exploits: 0 · References: 2

Positive Technologies
added 2025/07/22 12:0 a.m. · 1 view

PT-2025-30441 · Unknown +1 · Aimhubio Aim +1

Name of the Vulnerable Software and Affected Versions: aimhubio Aim versions 3.28.0. Description: A cross-site scripting (XSS) issue exists in aimhubio Aim 3.28.0. Remote attackers can execute arbitrary JavaScript in a victim’s browser by submitting malicious Python code to the /api/reports endpoint...

CVSS: 8.8 · AI score: 6 · EPSS: 0.01878
Exploits: 1 · References: 9

CVE
added 2025/07/22 12:0 a.m. · 14 views

CVE-2025-51464

The CVE-2025-51464 entry affects aimhubio Aim version 3.28.0. A cross-site scripting (XSS) vulnerability exists in the /api/reports endpoint where Python code is submitted and interpreted by Pyodide when a report is viewed, allowing execution of arbitrary JavaScript in a victim’s browser via pyod...

CVSS: 8.8 · AI score: 7.1 · EPSS: 0.01878
Exploits: 1 · References: 3 · Affected Software: 1

CNNVD
added 2025/07/22 12:0 a.m. · 0 views

Aim cross-site scripting vulnerability

Aim is an easy-to-use and high-performance open source experiment tracker from Aim Open Source USA. A security vulnerability exists in Aim version 3.28.0, which stems from a cross-site scripting vulnerability in the /api/reports endpoint that could lead to the execution of arbitrary JavaScript in...

CVSS: 8.8 · AI score: 6 · EPSS: 0.01878
Exploits: 1 · References: 4

OSV
added 2025/07/18 3:47 p.m. · 4 views

CVE-2025-54075 mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4)

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting vulnerability in @nuxtjs/mdc lets a Markdown author inject a element. The tag rewrites how all subsequent relative...

CVSS: 8.3 · AI score: 6.3 · EPSS: 0.00333
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/16 6:24 a.m. · 5 views

CVE-2025-7380

A stored cross-site scripting (XSS) vulnerability exists in the Access Control of ADM. The issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is...

CVSS: 4.8 · AI score: 5.4 · EPSS: 0.0027
Exploits: 0 · References: 1

NVD
added 2025/07/10 8:15 p.m. · 3 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...

CVSS: 6.1 · EPSS: 0.00223
Exploits: 0 · References: 3

GitHub Security Blog
added 2025/07/10 5:43 p.m. · 3 views

@pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation

Summary: The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. Details: 1. Sandbox Escape Leading to XSS: The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript...

CVSS: 6.1 · AI score: 6.9 · EPSS: 0.00075
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2025/07/10 12:0 a.m. · 1 view

PT-2025-29133 · Pdfme · Pdfme

Name of the Vulnerable Software and Affected Versions: pdfme versions 5.2.0 through 5.4.0. Description: The expression evaluation feature in pdfme contains critical vulnerabilities allowing sandbox escape, leading to cross-site scripting (XSS) and prototype pollution attacks. Attackers can bypass th...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00075
Exploits: 0 · References: 12

Positive Technologies
added 2025/07/08 12:0 a.m. · 1 view

PT-2025-28653 · Ibm · Ibm Openpages With Watson

Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson version 9.0. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This i...

CVSS: 6.4 · AI score: 5.7 · EPSS: 0.00143
Exploits: 0 · References: 4

RedHat Linux
added 2025/07/07 2:28 a.m. · 0 views

webkitgtk: arbitrary javascript code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary javascript code execution...

CVSS: 9.8 · AI score: 6 · EPSS: 0.01449
Exploits: 0 · References: 5

RedHat Linux
added 2025/07/07 2:28 a.m. · 2 views

webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript

A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00788
Exploits: 0 · References: 5

RedhatCVE
added 2025/06/26 3:12 a.m. · 5 views

CVE-2025-34032

A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVSS: 6.1 · AI score: 6.1 · EPSS: 0.0013
Exploits: 1 · References: 1

Snyk
added 2025/06/24 4:57 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pdfjs-1.4.20 component under public/plugins/. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious scripts into PDF files rendered by the...

CVSS: 6.9 · AI score: 5.4 · EPSS: 0.00253
Exploits: 0 · References: 2