PT-2026-34557
Name of the Vulnerable Software and Affected Versions: Frappe version 16.10.0 Description: An authenticated attacker can persist crafted values in multiple field types to trigger client-side script execution when another user opens the affected document in Desk. This occurs because vulnerable...
CVE-2026-0696
In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...
PT-2026-3252
Name of the Vulnerable Software and Affected Versions: ConnectWise PSA versions prior to 2026.1 Description: Certain session cookies were not configured with the HttpOnly attribute in affected versions. This could potentially allow client-side scripts to access session cookie values. Recommendation...
CVE-2026-22230
CVE-2026-22230 affects OPEXUS eCASE Audit. Incorrect access control allows an authenticated attacker to modify client-side JavaScript or craft HTTP requests to access functions or buttons that administrators have disabled or blocked. The publicly documented fix is in...
EUVD-2019-8163
Malware in sbrugna...
EUVD-2018-17987
Malware in sbrugna...
EUVD-2018-17988
Malware in sbrugna...
EUVD-2019-19067
Malware in sbrugna...
EUVD-2020-26993
Malware in sbrugna...
EUVD-2019-9165
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/960grid process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
Security Bulletin: IBM Aspera Faspex 5 is vulnerable to cross-site scripting (CVE-2025-3423)
Summary IBM Aspera Faspex 5 is vulnerable to DOM-based cross-site scripting. Attackers could use this vulnerability to trick users into opening malicious URLs, allowing client-side scripts to process and execute at the user's browser. Vulnerability Details CVEID: CVE-2025-3423 DESCRIPTION: IBM...
CVE-2024-43732
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL. Details Cross-site scripting...
PT-2024-25052 · Sap · Sapui5
Name of the Vulnerable Software and Affected Versions: SAPUI5 affected versions not specified Description: The issue concerns the execution of embedded JavaScript in PDF documents by the PDFViewer control in SAPUI5. If a PDF contains harmful client-side scripts, including JavaScript, the PDFViewe...
PT-2024-19702 · Open Xchange Gmbh +1 · Ox App Suite
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could...
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
PT-2023-24714 · WordPress · Chilexpress Chilexpress Woo Oficial Plugin
Name of the Vulnerable Software and Affected Versions: Chilexpress Chilexpress woo oficial plugin versions 1.2.9 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability allows for the execution of malicious scripts on the...
Cross-site Scripting (XSS)
github.com/gotify/server is vulnerable to cross-site scripting. The vulnerability exists in the UploadApplicationImage function in application.go because it allows authenticated users to upload HTML files, through which an attacker could execute client-side scripts...
GHSA-XV6X-456V-24XH gotify/server vulnerable to Cross-site Scripting in the application image file upload
Impact The XSS vulnerability allows authenticated users to upload .html files. With that, an attacker could execute client-side scripts if another user opened a link, such as: https://push.example.org/image/alphanumeric string.html An attacker could potentially take over the account of the user...