
1492 matches found

NVD
added 2025/11/07 8:15 p.m. | 3 views

CVE-2025-63639

The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...

CVSS 6.1 | EPSS 0.00192
Exploits: 1 | References: 2

CVE
added 2025/11/06 8:43 p.m. | 7 views

CVE-2025-33110

CVE-2025-33110 affects IBM OpenPages 9.1 and 9.0 with Watson. The issue is HTML injection in the UI, allowing a remote attacker to inject HTML that runs in the victim’s browser within the hosting site’s security context. IBM’s bulletin confirms affected versions and lists fixes: 9.1.2 for 9.1 and...

CVSS 5.4 | AI score 6.2 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/11/06 12:0 a.m. | 5 views

PT-2025-45374

IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 2

Veracode
added 2025/11/05 7:4 a.m. | 4 views

Stored Cross-Site Scripting (XSS)

com.liferay, com.liferay.change.tracking.service is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of user-supplied input in the notifications widget’s “Name” text field, which allows an attacker to inject arbitrary web scripts or HTML into a...

CVSS 5.4 | AI score 5.7 | EPSS 0.00193
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2025/11/05 12:0 a.m. | 6 views

CVE-2025-63417

A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...

EPSS 0.00201
Exploits: 1 | References: 1

EUVD
added 2025/10/31 12:30 a.m. | 3 views

EUVD-2024-55059

Nagios Log Server versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability where an attacker-supplied username containing JavaScript is stored and later rendered without proper encoding/escaping in admin or user-facing pages. When an authenticated victim loads the affected...

CVSS 5.1 | AI score 5.2 | EPSS 0.00129
Exploits: 0 | References: 4

Cvelist
added 2025/10/30 9:26 p.m. | 8 views

CVE-2024-58272

...

EPSS 0.00129
Exploits: 0

NVD
added 2025/10/27 3:15 p.m. | 4 views

CVE-2025-36121

IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

CVSS 5.4 | EPSS 0.00144
Exploits: 0 | References: 1

CVE
added 2025/10/27 2:56 p.m. | 6 views

CVE-2025-36121

IBM OpenPages 9.0 and 9.1 are affected by an HTML injection (XSS) vulnerability in a specific URL endpoint. A remotely authenticated attacker could inject malicious HTML that executes in the victim’s browser within the hosting site's security context. CVSS v3.1 base score is 5.4 (medium) with net...

CVSS 5.4 | AI score 6.1 | EPSS 0.00144
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/27 12:0 a.m. | 3 views

PT-2025-43972

Name of the Vulnerable Software and Affected Versions: IBM OpenPages versions 9.0 and 9.1. Description: IBM OpenPages versions 9.0 and 9.1 are susceptible to HTML injection. A remotely authenticated attacker can inject malicious HTML code that executes in a victim’s web browser within the security...

CVSS 5.4 | AI score 6.2 | EPSS 0.00144
Exploits: 0 | References: 4

EUVD
added 2025/10/23 4:10 a.m. | 3 views

EUVD-2025-35655

Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of...

CVSS 4.8 | AI score 5.6 | EPSS 0.00188
Exploits: 0 | References: 4

EUVD
added 2025/10/16 10:3 a.m. | 2 views

EUVD-2025-34746

Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser...

CVSS 5.4 | AI score 5.3 | EPSS 0.00257
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/16 8:55 a.m. | 2 views

CVE-2025-58115

ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...

CVSS 6.1 | AI score 6 | EPSS 0.00241
Exploits: 0 | References: 2

CNNVD
added 2025/10/16 12:0 a.m. | 3 views

ChatLuck Cross-Site Scripting Vulnerability

ChatLuck is an enterprise internal and external communication software from the Japanese company ChatLuck. ChatLuck suffers from a cross-site scripting vulnerability that originates from a cross-site scripting vulnerability in ChatLuck, which could lead to the execution of arbitrary script in a...

CVSS 5.4 | AI score 5.5 | EPSS 0.00218
Exploits: 0 | References: 2

CNNVD
added 2025/10/16 12:0 a.m. | 2 views

ChatLuck Cross-Site Scripting Vulnerability

ChatLuck is an enterprise internal and external communication software from the Japanese company ChatLuck. ChatLuck suffers from a cross-site scripting vulnerability that originates from a cross-site scripting vulnerability in guest user registration, which could lead to the execution of arbitrar...

CVSS 6.1 | AI score 6.1 | EPSS 0.00241
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/15 12:51 a.m. | 2 views

CVE-2025-60374

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

CVSS 6.1 | AI score 5.8 | EPSS 0.00461
Exploits: 3 | References: 1

NVD
added 2025/10/14 8:15 p.m. | 1 views

CVE-2025-60374

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

CVSS 6.1 | EPSS 0.00318
Exploits: 2 | References: 1

NVD
added 2025/10/14 1:15 a.m. | 1 views

CVE-2025-42901

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4 | EPSS 0.00206
Exploits: 0 | References: 2

Cvelist
added 2025/10/14 12:17 a.m. | 6 views

CVE-2025-42901 Code Injection vulnerability in SAP Application Server for ABAP (BAPI Browser)

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4 | EPSS 0.00206
Exploits: 0 | References: 2

EUVD
added 2025/10/14 12:17 a.m. | 1 views

EUVD-2025-34126

SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of BAPI explorer. This has low impact on confidentiality and integrity with no impact on availability ...

CVSS 5.4 | AI score 6.1 | EPSS 0.00206
Exploits: 0 | References: 3