18 matches found

Cvelist
added 2026/02/03 4:52 p.m. | 28 views

CVE-2020-37103 DotNetNuke 9.5 - Persistent Cross-Site Scripting

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

CVSS: 6.4 | EPSS: 0.00061
Exploits: 1 | References: 4

ATTACKERKB
added 2025/08/27 9:24 p.m. | 1 views

CVE-2025-34163

Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable scripts such as .ashx, via a crafted multipart/form-data POST reques...

CVSS: 10 | AI score: 6.6 | EPSS: 0.01234
Exploits: 0 | References: 4

CVE
added 2025/06/23 12:48 p.m. | 26 views

CVE-2025-6512

CVE-2025-6512 affects BRAIN2 (PT-Security entry PT-2025-26595) with BRAIN2 versions 0.0–3.05 vulnerable to code injected via report scripts by non-admin users. The script in a report can be executed on the BRAIN2 server with administrator rights, enabling potential code injection. Root cause: imp...

CVSS: 10 | AI score: 9.5 | EPSS: 0.00376
Exploits: 0 | References: 1

Veracode
added 2024/09/19 4:49 a.m. | 5 views

Cross-site Scripting (XSS)

@backstage/plugin-techdocs-backend is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper handling of content in TechDocs storage buckets, allowing an attacker to inject executable scripts that are executed in the victim's browser when viewing documentation or...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00185
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2024/09/17 10:42 p.m. | 11 views

CVE-2024-46976

A flaw was found in the backstage/plugin-techdocs-backend package. An attacker with control of the contents of the TechDocs storage buckets may be able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to a...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.00185
Exploits: 0 | References: 4

OSV
added 2024/09/17 9:31 p.m. | 9 views

GHSA-5J94-F3MF-8685 @backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection

Impact: An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link. Patches: This has been fixed in the...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00185
Exploits: 0 | References: 3

NVD
added 2024/09/17 9:15 p.m. | 12 views

CVE-2024-46976

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS: 6.5 | EPSS: 0.00185
Exploits: 0 | References: 1

Cvelist
added 2024/09/17 8:12 p.m. | 16 views

CVE-2024-46976 Circumvention of cross site scripting Protection in @backstage/plugin-techdocs-backend

Backstage is an open framework for building developer portals. An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attack...

CVSS: 6.5 | EPSS: 0.00185
Exploits: 0 | References: 1

CVE
added 2024/09/17 8:12 p.m. | 66 views

CVE-2024-46976

CVE-2024-46976 affects the Backstage framework, specifically the @backstage/plugin-techdocs-backend. The root cause is that attacker-controlled content in the TechDocs storage buckets can inject executable scripts into TechDocs content, which then execute in a victim’s browser when documentation...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00185
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2024/04/17 6:53 p.m. | 76 views

CVE-2024-3323

CVE-2024-3323 affects TIBCO JasperReports Server versions 8.0.4 and 8.2.0 (UI Request/Response Validation). The issue is a reflected Cross-Site Scripting vulnerability that allows injection of malicious scripts into a trusted app, potentially stealing a user’s active session cookie when a user cl...

CVSS: 8.3 | AI score: 6.9 | EPSS: 0.00078
Exploits: 0 | References: 1

Cvelist
added 2024/02/15 6:07 a.m. | 12 views

CVE-2023-46596 Improper input validation in FireFlow’s VisualFlow workflow editor

Improper input validation in Algosec FireFlow VisualFlow workflow editor via Name, Description and Configuration File field in version A32.20, A32.50, A32.60 permits an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. Fixed in version A32.2...

CVSS: 5.1 | AI score: 5.2 | EPSS: 0.00055
Exploits: 0 | References: 1

CNVD
added 2023/01/06 12:00 a.m. | 48 views

Mozilla Firefox Injection Vulnerability (CNVD-2023-03055)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an injection vulnerability that stems from a failure to execute the Unsafe-Hashes CSP directive. An attacker could exploit this vulnerability to inject executable script...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00902
Exploits: 0 | References: 1

CNVD
added 2022/03/14 12:00 a.m. | 8 views

Ponton X/P Messenger path traversal vulnerability

PONTON X/P Messenger is a highly configurable ebXML, AS/1, AS/2, AS/3 and AS/4 compliant messaging software from the German company PONTON. PONTON X/P Messenger is vulnerable to a path traversal vulnerability that could be exploited by an attacker to upload executable scripts while obtaining...

CVSS: 9.8 | AI score: 3.9 | EPSS: 0.05516
Exploits: 1 | References: 1

Tenable Nessus
added 2017/01/17 12:00 a.m. | 27 views

openSUSE Security Update : ark (openSUSE-2017-92)

This update for ark fixes the following issues: - CVE-2017-5330: ark could run executable scripts when clicking on them boo1018648 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00523
Exploits: 1 | References: 2

OSV
added 2017/01/16 2:46 p.m. | 7 views

OPENSUSE-SU-2017:0140-1 Security update for ark

This update for ark fixes the following issues: - CVE-2017-5330: ark could run executable scripts when clicking on them boo1018648...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00523
Exploits: 1 | References: 2

OSV
added 2017/01/16 2:46 p.m. | 5 views

OPENSUSE-SU-2017:0150-1 Security update for ark

This update for ark fixes the following issues: - CVE-2017-5330: ark could run executable scripts when clicking on them boo1018648...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00523
Exploits: 1 | References: 2

Hacker One
added 2016/06/25 11:41 a.m. | 127 views

Informatica: [oneclickdrsfdc-test.informatica.com] Tomcat Example Scripts Exposed Unauthenticated

Issue: The consultant identified that there is an unauthenticated installation of Apache Tomcat installed on the affected host. This particular installation has the /examples directory exposed which contains several scripts that execute server-side code, these scripts can also be leveraged to carr...

AI score: 0.2
Exploits: 0

Patchstack
added 2015/07/12 12:00 a.m. | 9 views

WordPress Front End Repository Manager Plugin <= 1.1 - Arbitrary File Upload

Because of this vulnerability, users can upload malicious executable scripts. Solution: Update the plugin...

AI score: 3.7
Exploits: 0 | References: 1 | Affected Software: 1