REDAXO 安全漏洞

REDAXO is a content management system from REDAXO open source. A security vulnerability exists in REDAXO versions prior to 5.20.1, which stems from reflective cross-site scripting in the Mediapool view and could lead to arbitrary JavaScript execution...

CVE-2025-65237

A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

Cross-site Scripting (XSS)

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the isRemoteAllowed function. An attacker can execute arbitrary JavaScript in the victim's browser by submitting a crafted SVG...

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

CVE-2025-51662

A stored cross-site scripting XSS vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers o...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image Name parameter in the /maps/nodeimage endpoint. An attacker can execute...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.11.0, which...

E-commerce 安全漏洞

E-commerce is a dynamic e-commerce website by the individual developer Bhabishya Ghimire. A security vulnerability exists in E-commerce v1.0, which originates from DOM-type cross-site scripting and could lead to arbitrary JavaScript execution...

CVE-2025-64758

@dependencytrack/frontend is a Single Page Application SPA used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Since version 4.12.0, Dependency-Track users with the SYSTEMCONFIGURATION permission...

Dependency-Track Front-End 跨站脚本漏洞

Dependency-Track Front-End is a Dependency-Track open source front-end UI for dependency tracking. A cross-site scripting vulnerability exists in Dependency-Track Front-End versions 4.12.0 through prior to 4.13.6, which stems from improper HTML cleanup and could lead to arbitrary JavaScript...

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

CVE-2025-12682 Easy Upload Files During Checkout <= 2.9.8 - Unauthenticated Arbitrary JavaScript File Upload

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...

WordPress plugin Easy Upload Files During Checkout 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A code issue...

CVE-2025-61431

A reflected cross-site scripted XSS vulnerability in the /jsp/gsfrfeditorHTML.jsp endpoint of Zucchetti ZMaintenance Infinity and Infinity Zucchetti v4.1 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the...

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via exposed input parameters. An administrator can execute arbitrary JavaScript code in the context of the user's...

CVE-2025-53883

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27704)

IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...

PT-2025-44621

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1 Description A cross-site scripting XSS issue exists in Nagios XI when a user visits the "missing page" 404 page after following a link from another website. The page-missing.php component does not properly...