Six Apart Movable Type 跨站脚本漏洞

Six Apart Movable Type is an application from Six Apart USA. Six Apart Movable Type is an application from Six Apart, Inc. that provides features such as multiple users, comments, references TrackBack, topics, and more. A cross-site scripting vulnerability exists in Six Apart Movable Type, which...

WordPress plugin Cinza Grid 跨站脚本漏洞

WordPress Cinza Grid plugin is a lightweight WordPress plugin based on Isotope Waterfall Layout for creating responsive grid layouts that support the presentation of posts, pages or custom content types. WordPress Cinza Grid plugin suffers from a cross-site scripting vulnerability that stems from...

WordPress Ova Advent plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Ova Advent plugin, which stems from insufficient input cleanup and output escaping, and can be exploited by an...

D-Link Nuclias Connect Cross-Site Scripting Vulnerability

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

WordPress Digiseller plugin cross-site scripting vulnerability

WordPress Digiseller plugin is a plugin that is mainly used to help users integrate digital merchandising features in their websites. A cross-site scripting vulnerability exists in the WordPress Digiseller plugin, which stems from a lack of effective filtering and escaping of the ds shortcode, an...

HCL AION code execution vulnerability (CNVD-2026-16411)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a code execution vulnerability that is caused due to a flaw in the content security policy. An attacker can exploit the vulnerability to execute arbitrary scripts inline...

CVE-2025-62508

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...

CVE-2025-62508 Citizen vulnerable to stored XSS in sticky header button messages

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. Citizen from 3.3.0 to 3.9.0 are vulnerable to stored cross-site scripting in the sticky header button message handling. In stickyHeader.js the copyButtonAttributes function assigns innerHTML from a source element’s...

Centreon has an unspecified vulnerability (CNVD-2025-24172)

Centreon is a set of open source system monitoring tools from France's Centreon. The product mainly provides monitoring functions for resources such as network, system and application programs. Centreon has a security vulnerability that can be exploited by attackers to execute arbitrary Web scrip...

CVE-2025-58115

ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...

CVE-2025-53858

CVE-2025-53858 affects ChatLuck, a ChatLuck product, with a cross-site scripting vulnerability in Chat Rooms that could allow arbitrary script execution in the web browser of a user accessing the product. The connected Red Hat, NVD, JVN, and CVE records corroborate the issue as a browser-executab...

ChatLuck 跨站脚本漏洞

ChatLuck is an enterprise internal and external communication software from the Japanese company ChatLuck. ChatLuck suffers from a cross-site scripting vulnerability that originates from a cross-site scripting vulnerability in ChatLuck, which could lead to the execution of arbitrary script in a...

D-Link Nuclias Connect 安全漏洞

D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. D-Link Nuclias Connect suffers from a cross-site scripting vulnerability that stems from the application...

Adobe Commerce 跨站脚本漏洞

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVE-2025-10558 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

PT-2025-41768

Name of the Vulnerable Software and Affected Versions 3DSearch on 3DSwymer versions prior to 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in 3DSearch within 3DSwymer. This allows an attacker to execute arbitrary script code within a user’s browser session...

WordPress Eulerpool Research Systems plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...

WordPress dbview plugin cross-site scripting vulnerability

WordPress dbview plugin is a plugin for database query and display , developed by John Akers. The plugin through AJAX technology to achieve real-time query and dynamic display of database data , support for the direct execution of SQL statements and visual presentation of the results . WordPress...

PT-2025-41766

Name of the Vulnerable Software and Affected Versions ENOVIA Specification Manager versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue exists in Specification Management within ENOVIA Specification Manager. This allows an attacker to execut...

WordPress Epic Bootstrap Buttons plugin cross-site scripting vulnerability

WordPress Epic Bootstrap Buttons plugin is a plugin for quickly adding Bootstrap style buttons to your WordPress website. WordPress Epic Bootstrap Buttons plugin suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of icol parameters, whic...