
1044 matches found

RedhatCVE
added 2025/08/03 2:14 p.m. | 3 views

CVE-2025-45778

A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Description text field...

CVSS 6.1 | AI score 5.3 | EPSS 0.00181
Exploits: 1 | References: 1

Snyk
added 2025/07/16 12:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via modifications to the configuration file in the underlying operating system. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content into the...

CVSS 6.9 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2

CVE
added 2025/07/16 12:00 a.m. | 13 views

CVE-2024-42912

The CVE-2024-42912 issue affects META-INF Kft. Email This Issue (Data Center) prior to version 9.13.0-GA. The vulnerability is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary web scripts or HTML by crafting a payload into the recipient field of an e-mail message. Imp...

CVSS 5.4 | AI score 5.6 | EPSS 0.00129
Exploits: 0 | References: 2

RedhatCVE
added 2025/06/29 3:07 p.m. | 9 views

CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...

CVSS 7.6 | AI score 6.5 | EPSS 0.00211
Exploits: 0 | References: 1

Cvelist
added 2025/06/27 2:57 p.m. | 7 views

CVE-2025-6705

A vulnerability in the Eclipse Open VSX Registry’s automated publishing system could have allowed unauthorized uploads of extensions. Specifically, the system’s build scripts were executed without proper isolation, potentially exposing a privileged token. This token enabled the publishing of new...

CVSS 7.6 | EPSS 0.00211
Exploits: 0 | References: 2

RedhatCVE
added 2025/06/27 12:16 a.m. | 2 views

CVE-2023-44915

A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the loginerror parameter...

CVSS 7.1 | AI score 5.5 | EPSS 0.00218
Exploits: 1 | References: 1

OSV
added 2025/06/24 4:27 p.m. | 3 views

CLSA-2025-1750782430 yelp: Fix of CVE-2025-3155

CVE-2025-3155: fix execution of arbitrary scripts in help documents, preventing malicious file exfiltration...

CVSS 7.4 | AI score 6 | EPSS 0.01309
Exploits: 1 | References: 1

Cvelist
added 2025/06/24 4:37 a.m. | 6 views

CVE-2025-43877

WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of the product...

CVSS 5.4 | EPSS 0.00138
Exploits: 0 | References: 2

Cvelist
added 2025/06/24 12:00 a.m. | 4 views

CVE-2025-27828

A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4, 10.1.0.0 through 10.1.0.5, and 10.2.0.0 through 10.2.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A...

EPSS 0.00292
Exploits: 0 | References: 2

CNNVD
added 2025/06/17 12:00 a.m. | 1 view

WordPress plugin Advanced Sermons cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Advanced Sermons plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 6.5 | AI score 6 | EPSS 0.00143
Exploits: 0 | References: 3

CNNVD
added 2025/06/14 12:00 a.m. | 1 view

WordPress plugin Click to Chat cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Click to Chat plugin, which stems from insufficient input cleanup and escaping, and can be exploited by an attacker ...

CVSS 6.4 | AI score 6 | EPSS 0.00228
Exploits: 0 | References: 6

OSV
added 2025/06/06 2:04 p.m. | 2 views

OESA-2025-1609 yelp security update

Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute...

CVSS 7.4 | AI score 7.2 | EPSS 0.01309
Exploits: 1 | References: 2

OSV
added 2025/06/06 2:04 p.m. | 2 views

OESA-2025-1606 yelp security update

Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute...

CVSS 7.4 | AI score 7.2 | EPSS 0.01309
Exploits: 1 | References: 2

Tenable Nessus
added 2025/05/29 12:00 a.m. | 5 views

Amazon Linux 2 : yelp (ALAS-2025-2862)

The version of yelp installed on the remote host is prior to 3.28.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2862 advisory. A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability...

CVSS 7.4 | AI score 7.2 | EPSS 0.01309
Exploits: 1 | References: 4

Amazon
added 2025/05/29 12:00 a.m. | 3 views

Medium: yelp

Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp Not...

CVSS 7.4 | AI score 7.4 | EPSS 0.01309
Exploits: 1

Amazon
added 2025/05/29 12:00 a.m. | 2 views

Medium: yelp-xsl

Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp-xsl...

CVSS 7.4 | AI score 7.4 | EPSS 0.01309
Exploits: 1

Amazon
added 2025/05/29 12:00 a.m. | 3 views

Medium: yelp

Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp Not...

CVSS 7.4 | AI score 7.7 | EPSS 0.01309
Exploits: 1

Debian
added 2025/05/28 6:30 p.m. | 5 views

[SECURITY] [DLA 4184-1] yelp security update

Debian LTS Advisory DLA-4184-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS ...

CVSS 7.4 | AI score 7.3 | EPSS 0.01309
Exploits: 1

RedhatCVE
added 2025/05/23 10:40 a.m. | 3 views

CVE-2024-30160

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow ...

CVSS 4.8 | AI score 5.8 | EPSS 0.00552
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:29 a.m. | 4 views

CVE-2024-44717

A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | AI score 5.8 | EPSS 0.00388
Exploits: 0