CVE-2025-52358

CVE-2025-52358 affects Vivaldi United Group iCONTROL+ Server (firmware 4.7.8.0.eden Logic 5.32 and earlier). The vulnerability is a cross-site scripting issue where attackers can inject JavaScript payloads into error or edit-menu-item parameters, which are executed in the victim’s browser session...

CVE-2023-38878

A reflected cross-site scripting XSS vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'errordescription' parameters of 'oauth2.php'...

WordPress plugin WHMCS Bridge 跨站脚本漏洞

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions of WordPress WHMCS Bridge plugin prior to 6.4b, which ste...

PT-2005-1374 · Novell · Novell Groupwise Webaccess

Name of the Vulnerable Software and Affected Versions: Novell GroupWise WebAccess affected versions not specified Description: The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an...

CVE-2004-1829

Multiple cross-site scripting XSS vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the 1 pagetitle or 2 error parameters, or 3 certain parameters in the error log...