3296 matches found
CVE-2025-55072
The CVE-2025-55072 entry concerns a Stored cross-site scripting (XSS) vulnerability in desknet’s NEO, affecting versions V2.0R1.0 through V9.0R2.0. The issue can allow execution of arbitrary JavaScript in a user’s browser, with impact described as browser-side code execution. Public sources (NVD/...
CVE-2025-54859
CVE-2025-54859 is a stored cross-site scripting (XSS) vulnerability in desknet’s NEO versions up to V9.0R2.0. The issue permits execution of arbitrary JavaScript in a user’s browser due to a stored XSS flaw. Connected documents consistently identify desknet’s NEO as the affected product, with the...
CVE-2025-54859
Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-54760
A primary security issue is a Stored cross-site scripting (XSS) vulnerability in desknet’s NEO, affecting v9.0R2.0 and earlier, which could allow arbitrary JavaScript to run in a user’s browser. The CVE is corroborated by multiple sources (NVD/Red Hat/JVN/CVE records) noting the same description....
EUVD-2025-34748
Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-54760
Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-54760
Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-52583
The CVE-2025-52583 entry describes a Reflected cross-site scripting (XSS) vulnerability in desknet’s Web Server that allows execution of arbitrary JavaScript in a user’s browser. The connected sources confirm the issue is tied to desknet’s Web Server and identify the impact as client-side script ...
CVE-2025-52583
Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-24833
Stored cross-site scripting XSS vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...
Desknets Neo 跨站脚本漏洞
Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...
CVE-2025-11183
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...
Cross-site Scripting (XSS)
Overview qwc2 is a QGIS Web Client Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...
CVE-2025-11184
CVE-2025-11184 affects QGIS QWC2 Registration GUI up to version 2025.03.31. It enables an authorized attacker to inject arbitrary JavaScript (XSS) into the page, with potential impact to Confidentiality (High) and Integrity (Low) per CVSS. Remediation: upgrade to a version later than 2025.03.31 (...
CVE-2025-61319
ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...
PT-2025-41780
Name of the Vulnerable Software and Affected Versions QGIS QWC2 Registration GUI versions through 2025.03.31 Description A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. Recommendations Update QGIS QWC2...
CVE-2025-60869
Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting XSS via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...
EUVD-2025-33349
A cross-site scripting XSS vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file...
EUVD-2017-10272
Malware in sbrugna...
EUVD-2021-1309
Malware in sbrugna...