
1341 matches found

RedHat Linux
added 2025/05/05 9:31 a.m. · 3 views

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVSS 7.4 · AI score 6 · EPSS 0.01309
Exploits 1 · References 4

CNNVD
added 2025/04/21 12:0 a.m. · 2 views

FlaskBlog security vulnerability

FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A security vulnerability exists in FlaskBlog version 2.6.1, which stems from the presence of cross-site scripting in the postContent parameter, which could lead to the execution of arbitrary we...

CVSS 6.1 · AI score 5.9 · EPSS 0.00181
Exploits 1 · References 2

NVD
added 2025/03/28 9:15 a.m. · 5 views

CVE-2025-27574

Cross-site scripting vulnerability exists in the USB storage file-sharing function of HGW-BL1500HM Ver 002.002.003 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is using the configuration page or functions accessible only...

CVSS 3.6 · EPSS 0.00087
Exploits 0 · References 2

CNNVD
added 2025/03/10 12:0 a.m. · 3 views

tianti cross-site scripting vulnerability

tianti is a lightweight Java CMS solution by the individual developer jeffry. A security vulnerability exists in tianti v2.3. An attacker can exploit this vulnerability to execute arbitrary Web script or HTML by injecting a specially crafted payload into the coverImageURL parameter...

CVSS 5.4 · AI score 6.8 · EPSS 0.00105
Exploits 1 · References 2

CVE
added 2025/03/05 3:15 p.m. · 55 views

CVE-2025-24494

CVE-2025-24494 affects the Keysight Ixia Vision Product Family. A path traversal vulnerability combined with the Upload functionality could lead to remote code execution under a privileged device admin account, potentially enabling execution of arbitrary scripts or uploaded binaries. The issue is...

CVSS 8.6 · AI score 8.3 · EPSS 0.06466
Exploits 0 · References 4

Positive Technologies
added 2025/02/26 12:0 a.m. · 3 views

PT-2025-8731 · Cisco · Cisco Apic

Name of the Vulnerable Software and Affected Versions: Cisco APIC (affected versions not specified)

Description: A stored XSS attack can be performed by an authenticated, remote attacker on the web UI of the system. The issue arises from improper input validation in the web UI, allowing an attacker...

CVSS 5.5 · AI score 5.1 · EPSS 0.00066
Exploits 0 · References 7

RedhatCVE
added 2025/02/21 6:15 a.m. · 3 views

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

CVSS 5.4 · AI score 6 · EPSS 0.0023
Exploits 0 · References 1

NVD
added 2025/02/19 6:15 a.m. · 8 views

CVE-2025-25054

Movable Type contains a reflected cross-site scripting vulnerability in the user information edit page. When the Multi-Factor authentication plugin is enabled and a user accesses a crafted page while logged in to the affected product, an arbitrary script may be executed on the web browser of the user...

CVSS 6.1 · EPSS 0.00296
Exploits 0 · References 2

CVE
added 2025/02/12 7:42 a.m. · 50 views

CVE-2023-49780

CVE-2023-49780 is a cross-site scripting vulnerability in acmailer CGI versions 4.0.5 and earlier. The issue allows an arbitrary script to run in the web browser of users who access the management page. Affected product: acmailer CGI supplied by Extra Innovation Inc. Root cause: reflected/stored ...

CVSS 6.1 · AI score 6.2 · EPSS 0.00082
Exploits 0 · References 2

CVE
added 2025/01/28 4:36 a.m. · 50 views

CVE-2025-24810

CVE-2025-24810 affects the WordPress plugin Simple Image Sizes (versions ≤ 3.2.3). The observed issue is a cross-site scripting vulnerability that, if exploited, can execute arbitrary script in the web browser of an admin user when accessing the settings screen. The root cause is a stored XSS vec...

CVSS 4.8 · AI score 6.7 · EPSS 0.00094
Exploits 0 · References 2

CNNVD
added 2025/01/28 12:0 a.m. · 2 views

Hewlett Packard Enterprise Aruba Networking Fabric Composer security vulnerability

HPE Aruba Networking Fabric Composer is an intelligent, API-driven, software-defined orchestration solution from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise Aruba Networking Fabric Composer. ...

CVSS 5.5 · AI score 6.9 · EPSS 0.00057
Exploits 0 · References 1

CNNVD
added 2025/01/16 12:0 a.m. · 2 views

JFinalOA security vulnerability

JFinalOA is an enterprise office system developed on the JFinal framework by the individual developer rabbit. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVSS 4.6 · AI score 6.5 · EPSS 0.00337
Exploits 1 · References 1

CNNVD
added 2025/01/16 12:0 a.m. · 1 view

JFinalOA security vulnerability

JFinalOA is an enterprise office system developed on the JFinal framework by the individual developer rabbit. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVSS 4.8 · AI score 6.5 · EPSS 0.00244
Exploits 1 · References 1

CNNVD
added 2024/12/12 12:0 a.m. · 2 views

WordPress plugin WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. WordPress plugin WordPress Book Plugin for Displaying...

CVSS 6.4 · AI score 7.8 · EPSS 0.0036
Exploits 0 · References 3

CNNVD
added 2024/12/05 12:0 a.m. · 1 view

WeGIA security vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA version v3.2.0. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload with the id or name...

CVSS 6.1 · AI score 6.6 · EPSS 0.00267
Exploits 1 · References 3

Cvelist
added 2024/11/26 4:33 a.m. · 15 views

CVE-2024-53278

Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen...

CVSS 4.8 · EPSS 0.00146
Exploits 0 · References 3

CVE
added 2024/11/26 4:33 a.m. · 40 views

CVE-2024-53278

CVE-2024-53278 is a stored cross-site scripting vulnerability in the WordPress plugin WP Admin UI Customize. Affected versions are those prior to 1.5.14. If a malicious admin user customizes the admin screen with crafted content, an arbitrary script can be executed in the web browser of other u...

CVSS 4.8 · AI score 6.7 · EPSS 0.00146
Exploits 0 · References 3

CNNVD
added 2024/11/21 12:0 a.m. · 1 view

WordPress plugin WPAdverts cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.1 · AI score 7.5 · EPSS 0.01641
Exploits 0 · References 1

CNNVD
added 2024/11/20 12:0 a.m. · 3 views

WordPress plugin Save as PDF Plugin by Pdfcrowd cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

CVSS 6.4 · AI score 7.5 · EPSS 0.00201
Exploits 0 · References 2

OSV
added 2024/11/15 5:15 p.m. · 1 view

CVE-2022-20632

A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...

CVSS 6.1 · AI score 6.1
Exploits 0 · References 1