CVE-2025-55273 HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking...

CVE-2025-55273

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking...

CVE-2025-55273 HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking...

PT-2025-54237

Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier Description The software contains a command injection issue. Local authenticated users can create malicious files in the /tmp directory with a '.dns.pid' extension. An unauthenticated...

CVE-2025-52655 HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure...

CVE-2025-52655 HCL MyXalytics is affected by a Cross-Domain Script Include vulnerability.

Inclusion of Functionality from Untrusted Control Sphere vulnerability in HCL MyXalytics. v6.6 allows Loading third-party scripts without integrity checks or validation can allow external code run in the application's context, risking data exposure...

CVE-2025-52655

CVE-2025-52655 affects HCL MyXalytics 6.6. The flaw is inclusion of functionality from an untrusted control sphere, allowing loading of third‑party scripts without integrity checks or validation. This can cause external code to run in the application's context, risking data exposure. Exploitation...

Insolar: XDSI(Cross Domain Script Inclusion)

Summary: As I did not get the proper CWE id over id to add but the proper CWE id is 829: The page includes one or more script files from a third-party domain. Here you are including in your website, someone else's code; You don't have any control over what is in that code, and you don't have any...

DomainSale PHP Script SQL Injection Vulnerability

DomainSale PHP Script is a set of scripts for online domain name selling websites based on PHP and MySQL. A SQL injection vulnerability exists in DomainSale PHP Script version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands by sending the 'id' parameter to the...

Vulnerability in WordPress Could Allow Cross-Domain Script Execution

Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting WordPress version 3.1.2 and earlier, both as the cloud service from WordPress.com as well as the installable software available from WordPress.org. Microsoft discovered and disclose...

Microsoft Internet Explorer does not adequately validate window ornament parameters in dialog frames

Overview A vulnerability in the way Microsoft Internet Explorer IE handles window ornament parameters in dialog frames allows script from a dialog frame in one domain to execute in a different domain, including the Local Machine Zone. The script could read certain local files and data i.e. cookie...