
321 matches found

Vulnrichment
added 2025/07/08 12:38 a.m. · 2 views

CVE-2025-42985 Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench

Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality a...

6.1 CVSS · 6.7 AI score · 0.00163 EPSS
Exploits 0 · References 2

NVD
added 2025/07/02 5:15 a.m. · 3 views

CVE-2025-52462

Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...

6.1 CVSS · 0.00178 EPSS
Exploits 0 · References 2

NVD
added 2025/06/30 10:15 a.m. · 3 views

CVE-2025-41439

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...

6.1 CVSS · 0.00178 EPSS
Exploits 0 · References 2

Mozilla
added 2025/06/24 12:0 a.m. · 5 views

Security Vulnerabilities fixed in Firefox ESR 115.25 — Mozilla

A use-after-free in FontFaceSet resulted in a potentially exploitable crash. An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but not profiles...

9.8 CVSS · 7.1 AI score · 0.01103 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2025/06/06 12:15 p.m. · 12 views

CVE-2025-41364

Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and...

5.1 CVSS · 0.0027 EPSS
Exploits 0 · References 1

NVD
added 2025/06/06 12:15 p.m. · 6 views

CVE-2025-41362

Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that...

5.3 CVSS · 0.0027 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24080 · Idf +1

Name of the Vulnerable Software and Affected Versions: IDF versions 0.10.0-0C03-03 ZLF versions 0.10.0-0C03-04 Description: This issue allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this requires authenticating to the device and executi...

5.3 CVSS · 6.2 AI score · 0.0027 EPSS
Exploits 0 · References 4

Vulnrichment
added 2025/05/30 6:36 a.m. · 6 views

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

5.4 CVSS · 6.5 AI score · 0.00126 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 4:55 a.m. · 3 views

CVE-2023-42436

Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

5.4 CVSS · 6 AI score · 0.00452 EPSS
Exploits 0

RedhatCVE
added 2025/05/23 4:49 a.m. · 5 views

CVE-2023-37425

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

8 CVSS · 6.1 AI score · 0.00529 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 6:37 p.m. · 5 views

CVE-2021-32692

Activity Watch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visiting a website with the page title set to a...

9.6 CVSS · 7.5 AI score · 0.00477 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 4:36 p.m. · 9 views

CVE-2020-29127

An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user using any web browser, the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid=XXXXXXXXXX=cgiPgOverview=en is visited from a different web...

10 CVSS · 7.1 AI score · 0.00536 EPSS
Exploits 2

RedhatCVE
added 2025/05/22 3:42 p.m. · 4 views

CVE-2020-8954

OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking. A link that opens another app in the browser can be manipulated...

5.8 CVSS · 6.9 AI score · 0.002 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 12:11 p.m. · 3 views

CVE-2012-2648

Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser...

4.3 CVSS · 5.7 AI score · 0.00199 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/04/17 9:25 a.m. · 6 views

CVE-2025-2197 Type Confusion Vulnerability in Browser

Browser is affected by type confusion vulnerability, successful exploitation of this vulnerability may affect service availability...

4.3 CVSS · 4.7 AI score · 0.0031 EPSS
Exploits 0 · References 1

RedHat Linux
added 2025/03/10 6:13 a.m. · 9 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...

8.8 CVSS · 6.7 AI score · 0.00487 EPSS
Exploits 1 · References 10

CVE
added 2025/03/03 7:39 p.m. · 46 views

CVE-2024-51950

CVE-2024-51950 affects Esri ArcGIS Server 10.9.1–11.3. A stored XSS vulnerability exists in the Server Admin UI (Services > lifecycleinfos) that can be triggered by a specially crafted link; an authenticated user with publisher privileges could cause arbitrary JavaScript execution in a victim’...

4.8 CVSS · 5.2 AI score · 0.0019 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2024/12/10 10:4 p.m. · 11 views

CVE-2024-43752 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

5.4 CVSS · 5.3 AI score · 0.00296 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/11/13 5:49 a.m. · 11 views

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

4.8 CVSS · 6.7 AI score · 0.00543 EPSS
Exploits 0 · References 2

Malwarebytes
added 2024/10/21 7:11 a.m. · 7 views

A week in security (October 14 – October 20)

Last week on Malwarebytes Labs: Unauthorized data access vulnerability in macOS is detailed by Microsoft 23andMe will retain your genetic information, even if you delete the account "Nudify" deepfake bots remove clothes from victims in minutes, and millions are using them Tor Browser and Firefox...

7 AI score
Exploits 0