358 matches found
PT-2025-40338
Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored cross site scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project file upload functionality via the...
PT-2025-40337
Name of the Vulnerable Software and Affected Versions Ekushey CRM version 5.0 Description A stored Cross Site Scripting issue exists in Ekushey CRM version 5.0 due to insufficient validation of user-supplied data. The issue is located in the project bug creation functionality, accessible via the...
CVE-2025-57444
An authenticated cross-site scripting XSS vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...
CVE-2025-57444
An authenticated cross-site scripting XSS vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...
CVE-2025-57444
Radware AlteonOS Web UI Management (v33.0.4.50) has an authenticated XSS in the Administrative interface caused by insufficient validation of the Description parameter, enabling injection of arbitrary web scripts/HTML. Documented impact is arbitrary script execution within the authenticated user ...
CVE-2025-57444
An authenticated cross-site scripting XSS vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description parameter...
PT-2025-40293
Name of the Vulnerable Software and Affected Versions Radware AlteonOS Web UI Management version 33.0.4.50 Description A security issue exists in the Administrative interface of Radware AlteonOS Web UI Management. An attacker with authentication can inject a crafted payload into the Description...
CVE-2025-10790
A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=savecategory. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been...
CVE-2025-10790
A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=savecategory. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been...
PT-2025-38700
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Forum Discussion System version 1.0 Description A security flaw exists in SourceCodester Simple Forum Discussion System version 1.0. The issue involves SQL injection, which can be triggered by manipulating the Description...
PT-2025-38105
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10. The issue is related to cross site scripting in the file /intranet/educar calendario anotacao cad.php. Manipulation of the ...
Selleo Mentingo 代码注入漏洞
Selleo Mentingo is an in-house training and employee development platform from Selleo Poland. A code injection vulnerability exists in Selleo Mentingo version 2025.08.27, which stems from an incorrect manipulation of the parameter Description in the file /api/course/enroll-course, which could lea...
GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...
CVE-2025-10044
A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the errordescription query parameter, which is rendered directly on error pages without validation or sanitization. An attacker can display misleading messages within the trusted user interface by crafting...
O2OA 安全漏洞
O2OA is an enterprise application development platform from O2OA Open Source. A security vulnerability exists in O2OA version 10.0-410 and earlier, which stems from a cross-site scripting attack due to incorrect manipulation of the parameter description/queryName in the file...
CVE-2025-9655 O2OA Personal Profile person cross site scripting
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /xorganizationassemblecontrol/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...
CVE-2025-9434
A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...
CVE-2025-9434
The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...
U.S. Dept Of Defense: Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter
A Cross-Site Scripting XSS vulnerability was discovered in the POST method on the website, specifically through the EVENTDESCRIPTION parameter. Exploitation of this vulnerability could have led to severe consequences, including session hijacking. The vulnerability was caused by insufficient...