OESA-2025-1608 yelp security update

Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute...

Medical Card Generation System HTML Injection Vulnerability

Medical Card Generation System is a medical card generation system. The Medical Card Generation System suffers from an HTML injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the pagedes parameter of admin/contactus.php, which can be...

CVE-2025-4985

A stored Cross-site Scripting XSS vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0602

A stored Cross-site Scripting XSS vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4991

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

CVE-2025-4992

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4991

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4983

A stored Cross-site Scripting XSS vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4983

CVE-2025-4983 is a stored Cross-site Scripting (XSS) vulnerability affecting City Referential Manager on Release 3DEXPERIENCE R2025x. The issue concerns the City Referential component, with the underlying impact being arbitrary script execution in a user’s browser session. The provided metrics in...

CVE-2025-4984

CVE-2025-4984 describes a stored XSS vulnerability in City Discover within City Referential Manager on Release 3DEXPERIENCE R2025x. The issue affects City Discover/City Referential Manager components and could allow an attacker to execute arbitrary script code in a user’s browser session. The lin...

CVE-2025-4985

CVE-2025-4985 affects Dassault Systèmes Project Portfolio Manager (Risk Management) across 3DEXPERIENCE R2022x–R2025x, with a stored XSS vulnerability that allows script execution in a user’s browser. The root cause is stored XSS within Risk Management, enabling arbitrary script execution per the...

CVE-2025-4989 Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4990

CVE-2025-4990 — Normal mode Affected: Change Governance in Product Manager (Dassault Systèmes 3DEXPERIENCE) from releases R2022x through R2025x. Vulnerability: Stored Cross-site Scripting (XSS) that allows an attacker to inject and execute arbitrary script in a user’s browser session. Root cause/...

CVE-2025-4992 Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

CVE-2025-41406

CVE-2025-41406 affects wivia 5 all versions. Connected sources confirm a Cross-site Scripting (CWE-79) flaw where, when a user connects to the affected device with a specific operation, an arbitrary script can execute in the moderator’s web browser. No explicit exploit details are provided in the...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

PT-2025-23261 · Wivia 5 · Wivia 5

Name of the Vulnerable Software and Affected Versions: Wivia 5 affected versions not specified Description: A cross-site scripting issue exists. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the...