CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...

CVE-2025-22602 Stored DOM-based XSS (without CSP) via video placeholders in Discourse

Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...

Discourse 跨站脚本漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that originates from an attacker being able to execute arbitrary JavaScript code on a...

DevDojo Voyager vulnerable to reflected Cross-site Scripting

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...

CVE-2024-55416

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...

CVE-2024-55416

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...

CVE-2024-55416

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed...

Cross-Site Scripting (XSS)

phpmyadmin/phpmyadmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user-supplied input in table or database names within the check tables feature, allowing an attacker to execute arbitrary JavaScript in the victim's browser...

CVE-2024-57514

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

CVE-2024-57514

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

Audemium ERP 安全漏洞

Audemium ERP is a free and open source enterprise resource planning system for small businesses from Audemium. A security vulnerability exists in Audemium ERP version 0.9.0 and prior versions, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows remote...

XVIDEOS: Stored XSS via SMTP Error Message

A Stored Cross-Site Scripting XSS vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were passed into the html method without proper sanitization, allowing an attacker to store and execute...

CVE-2024-56924

A Cross Site Request Forgery CSRF vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...

CVE-2024-56924

A Cross Site Request Forgery CSRF vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...

Silverpeas Core 跨站脚本漏洞

Silverpeas Core is an open source project from Silverpeas Open Source for building and running collaborative and social web portals. A cross-site scripting vulnerability exists in Silverpeas Core version 6.4.1. An attacker can exploit this vulnerability to execute arbitrary JavaScript code...

CVE-2024-56924

A Cross Site Request Forgery CSRF vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page pagesaccount, potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information...

CVE-2025-0583 aEnrich Technology a+HRD - Reflected Cross-site Scripting(XSS)

The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

KaTeX \htmlData does not validate attribute names

Impact KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. Workarounds - Avoid use of or turn off the...

CVE-2024-47140

A cross-site scripting xss vulnerability exists in the addalertcheck page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker...

CVE-2021-29669

CVE-2021-29669 affects IBM Jazz Foundation (versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, 7.0.2). The issue is a cross-site scripting vulnerability that could allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The public m...