CVE-2025-56320

Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...

CVE-2025-56320

Enterprise Contract Management Portal v.22.4.0 is vulnerable to Stored Cross-Site Scripting XSS in its chat box component. This allows a remote attacker to execute arbitrary code. NOTE: the Supplier reports that this is "Present only in an obsolete, unsupported version no longer in circulation."...

PT-2025-22848 · Unknown · Tmall Demo

Name of the Vulnerable Software and Affected Versions: Tmall Demo up to 20250505 Description: A vulnerability has been found in the Search Box component of Tmall Demo, allowing for cross-site scripting through remote attack. The manipulation of an unknown function leads to this issue. The vendor...

Cross-site scripting (XSS) from field and configuration text displayed in the Panel

On Saturday, @hdodov reported that the Panel's ListItem component used in the pages and files section for example displayed HTML in page titles as it is. This could be used for cross-site scripting XSS attacks. We used his report as an opportunity to find and fix XSS issues related to dynamic sit...

Oracle VM VirtualBox Access Control Error Vulnerability (CNVD-2019-27291)

Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The solution is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center.VM VirtualBox is one of the virtual...

CVE-2018-17046

translate man before 2018-08-21 has XSS via containers/outputBox/outputBox.vue and store/index.js...