CVE-2025-51503

Summary: CVE-2025-51503 is a stored XSS vulnerability in Microweber CMS 2.0 that allows injection of malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in an admin browser. Affected product / component: Microweber CMS 2.0 (Microweber/microweber stack indicated...

CVE-2025-8319

the BMA login interface allows arbitrary JavaScript or HTML to be written straight into the page’s Document Object Model via the error= URL parameter...

CVE-2024-45515

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A Cross-Site Scripting XSS vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with...

CVE-2024-45515

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A Cross-Site Scripting XSS vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with...

📄 ISPConfig 3.3.0 Cross Site Scripting

ISPConfig version 3.3.0 suffers from a cross site scripting vulnerability in the system status webpage. CVE-2025-52206 Reflected Cross Site Scripting XSS Suggested description ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

CVE-2025-32731

A reflected cross-site scripting xss vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

Copyparty 跨站脚本漏洞

Copyparty is a portable file server for ed individual developers. A cross-site scripting vulnerability exists in Copyparty 1.18.4 and earlier versions, which stems from improper cleaning of the multimedia tags of music files and could lead to the execution of arbitrary JavaScript code...

CVE-2025-41420

A cross-site scripting xss vulnerability exists in the userLogin cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2025-50128

A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2025-36548

A cross-site scripting xss vulnerability exists in the LoginWordPress loginForm cancelUri parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigg...

Cross-site Scripting (XSS)

Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to Cross-site Scripting XSS via the SVG Upload. An attacker can execute arbitrary JavaScript in the context of a user's browser by uploading a crafted SVG file containing malicious code. Details...

CVE-2025-50128

A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2025-50128

A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2025-46410

A cross-site scripting xss vulnerability exists in the managerPlaylists PlaylistOwnerUsersId parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to...

CVE-2025-53084

CVE-2025-53084 affects WWBN AVideo 14.4 and the dev master commit 8a8954ff. Talos reports a reflected XSS in the videosList.php page parameter handling (parameter: page) due to missing sanitization, enabling arbitrary JavaScript execution when a user visits a crafted page. The vulnerability is ex...

CVE-2025-50128

Cisco Talos reports a cross-site scripting (XSS) vulnerability in WWBN AVideo 14.4 and the dev master commit 8a8954ff, affecting the videoNotFound.php 404ErrorMsg parameter. A specially crafted HTTP request can cause arbitrary Javascript execution when a user visits a crafted page, enabling poten...

CVE-2025-50128

A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2025-50128

A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVE-2025-36548

WWBN AVideo 14.4 and dev master commit 8a8954ff are vulnerable to a reflected XSS via the loginForm cancelUri parameter. A crafted HTTP request can cause arbitrary JavaScript execution when a user visits a malicious page. TALOS reports the vulnerability and notes vendor patches were released; rem...