CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-53631 flaskBlog XSS Vulnerability in postContent

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

FlaskBlog 跨站脚本漏洞

FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A cross-site scripting vulnerability exists in flaskBlog 2.8.1 and earlier versions, which stems from improper postContent cleanup and could lead to arbitrary JavaScript execution...

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

WellChoose Organization Portal System 跨站脚本漏洞

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. A cross-site scripting vulnerability exists in the WellChoose Organization Portal System that can be exploited by an attacker to execute arbitrary JavaScript code in a user's browser...

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-45314

CVE-2025-45314 describes an XSS in hortusfox-web v4.4 affecting the /Calendar endpoint, where a crafted payload injected into the add function allows arbitrary JavaScript execution in a user’s browser. The vulnerability is evidenced across multiple sources in the connected documents, including Re...

CVE-2025-51531

A reflected cross-site scripting XSS vulnerability in Sage DPW 202412004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that th...

CVE-2012-10032

Maxthon3 before version 3.3 is vulnerable to cross-context scripting (XCS) via the about:history page. The trusted zone may execute injected script content with privileged context, enabling modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs (e...

CVE-2025-51569

A cross-site scripting XSS vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goformgetcmdprocess endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

Microweber has Reflected XSS Vulnerability in the id Parameter

Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...

GHSA-MVJ3-HC7J-VP74 Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...

CVE-2025-51501

Reflected Cross-Site Scripting XSS in the id parameter of the liveedit.modulesettings API endpoint in Microweber CMS2.0 allows execution of arbitrary JavaScript...

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

Microweber CMS 安全漏洞

Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from reflected cross-site scripting in the layout parameter in the /admin/page/create page, which could lead to arbitrary JavaScript execution...

CVE-2025-51501

CVE-2025-51501 : Microweber CMS 2.0 is affected by a Reflected XSS in the id parameter of the live_edit.module_settings API endpoint. The vulnerability allows an authenticated attacker to inject and execute arbitrary JavaScript in a victim’s browser via the id parameter, with impact described as ...

Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

GHSA-782F-GXJ5-XVQC Microweber Has Stored XSS Vulnerability in User Profile Fields

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...

CVE-2025-51503

A Stored Cross-Site Scripting XSS vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...