IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27707)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

CVE-2025-53883 spacewalk-java has various XSS issues on search page

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x8664/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...

PT-2025-44398

Name of the Vulnerable Software and Affected Versions Container suse/manager versions prior to 5.0.28-150600.3.36.8 SUSE Manager Server LTS 4.3 versions prior to 4.3.88-150400.3.113.5 Description An Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS issue exists, allowing...

CVE-2025-62800

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauthcallback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...

CVE-2025-34308

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

IPFire 安全漏洞

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

Cross-site Scripting (XSS)

net.mingsoft:ms-mcms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser through a crafted payload...

CVE-2025-60837

A reflected cross-site scripting XSS vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

MingSoft MCMS 安全漏洞

MingSoft MCMS is a complete open source J2ee system from China's MingFei MingSoft. A security vulnerability exists in MingSoft MCMS version v6.0.1, which originates from reflective cross-site scripting and could lead to an attacker executing arbitrary Javascript in a user's browser environment...

CVE-2025-60837

MCMS v6.0.1 is affected by a reflected XSS vulnerability (CVE-2025-60837). The issue enables an attacker to execute arbitrary JavaScript in a user’s browser via a crafted payload. The CVE entry lists CVSS v3.1 base metrics: AV:N, AC:L, PR:N, UI:R, S:C, C:L, I:L, A:N, with a base score of 6.1 (Med...

CVE-2025-60506

Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting XSS via the Public Comments feature. An attacker with a low-privileged account e.g., Student can inject arbitrary JavaScript payloads into a comment. When any other user Student, Teacher, or Admin views the annotated PD...

Cross-site Scripting (XSS)

Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-54760

Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-52583

Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

EUVD-2025-34746

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...