
150 matches found

EUVD
added 2026/03/11 8:46 p.m. | 3 views

EUVD-2026-11387

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, stored cross-site scripting (XSS) in the Graphical Pain Map "clickmap" form allows any authenticated clinician to inject arbitrary JavaScript that executes in the browser of...

5.4 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 1 | References: 1
Snyk
added 2026/02/25 6:58 p.m. | 3 views

Sensitive Cookie Without "HttpOnly" Flag

Overview Affected versions of this package are vulnerable to Sensitive Cookie Without "HttpOnly" Flag via the comment field in the custom rules process. An attacker can execute arbitrary JavaScript in the context of the WebUI by submitting crafted input that is stored by the backend and rendered...

8.5 CVSS | 6.1 AI score | 0.00063 EPSS
Exploits: 1 | References: 3
GithubExploit
added 2026/02/09 9:9 p.m. | 128 views

neopythonlogger

chrome-privless-encryption A PoC demonstrating how to bypass...

5.5 AI score
Exploits: 0
RedhatCVE
added 2026/01/17 2:6 p.m. | 3 views

CVE-2026-0696

In ConnectWise PSA versions older than 2026.1, certain session cookies were not set with the HttpOnly attribute. In some scenarios, this could allow client-side scripts access to session cookie values...

6.5 CVSS | 6.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 1
CNNVD
added 2026/01/16 12:0 a.m. | 3 views

ConnectWise PSA security vulnerabilities

ConnectWise PSA is a professional service automation software developed by ConnectWise in the United States. Versions of ConnectWise PSA prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of the HttpOnly attribute on certain session cookies, allowing...

6.5 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/12/10 8:36 a.m. | 3 views

CVE-2025-41747

An XSS vulnerability in pxcvlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to...

7.1 CVSS | 6.3 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/12/09 6:30 p.m. | 3 views

EUVD-2025-201901

An XSS vulnerability in pxc_portCntr.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.8 AI score | 0.00125 EPSS
Exploits: 0 | References: 2
OSV
added 2025/12/09 4:17 p.m. | 2 views

CVE-2025-41750

An XSS vulnerability in pxc_PortCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.8 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
OSV
added 2025/12/09 4:17 p.m. | 3 views

CVE-2025-41752

An XSS vulnerability in pxc_portSfp.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1
NVD
added 2025/12/09 4:17 p.m. | 5 views

CVE-2025-41746

An XSS vulnerability in pxc_portSecCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-lev...

7.1 CVSS | 0.00125 EPSS
Exploits: 0 | References: 1
OSV
added 2025/12/09 4:17 p.m. | 2 views

CVE-2025-41747

An XSS vulnerability in pxcvlanIntfCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to...

7.1 CVSS | 5.9 AI score
Exploits: 0 | References: 1
OSV
added 2025/12/09 4:17 p.m. | 1 view

CVE-2025-41695

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.8 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/09 8:10 a.m. | 3 views

CVE-2025-41695 Reflected XSS vulnerability in dyn_conn.php

An XSS vulnerability in dyn_conn.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.9 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/09 8:10 a.m. | 4 views

CVE-2025-41745 Reflected XSS vulnerability in pxc_portCntr2.php

An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user to send a manipulated POST request to the device in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-leve...

7.1 CVSS | 5.9 AI score | 0.00068 EPSS
Exploits: 0 | References: 1
CVE
added 2025/12/09 8:9 a.m. | 11 views

CVE-2025-41746

CVE-2025-41746 is a reflected XSS vulnerability in pxc_portSecCfg.php (pxc_portSecCfg.php/pxc portSecCfg.php as reported) that an unauthenticated attacker could leverage to induce an authenticated user to submit a manipulated POST request to change device configuration via the web UI. The issue i...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/12/09 8:9 a.m. | 2 views

CVE-2025-41748 Reflected XSS vulnerability in pxc_Dot1xCfg.php

An XSS vulnerability in pxc_Dot1xCfg.php can be used by an unauthenticated remote attacker to trick an authenticated user to click on the link provided by the attacker in order to change parameters available via web based management (WBM). The vulnerability does not provide access to system-level...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits: 0 | References: 1
CVE
added 2025/12/09 8:9 a.m. | 8 views

CVE-2025-41748

Summary (CVE-2025-41748): A reflected XSS vulnerability in the web application module pxc_Dot1xCfg.php allows an unauthenticated attacker to trick an authenticated user into clicking a malicious link that changes device configuration parameters via the web-based management interface (WBM). The im...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/12/09 8:7 a.m. | 6 views

CVE-2025-41750

CVE-2025-41750 is a reflected XSS in the web interface page pxc_PortCfg.php affecting Phoenix Contact FL SWITCH prior to version 3.50. An unauthenticated attacker can lure an authenticated user to click a malicious link, enabling changes to device configuration parameters via the web-based manag...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/12/09 8:7 a.m. | 8 views

CVE-2025-41751

CVE-2025-41751 describes a reflected XSS in pxc_portCntr.php that permits an unauthenticated remote attacker to trick an authenticated user into clicking a link to modify device configuration through the web-based management interface. The vulnerability affects parameters exposed in the WBM conte...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2025/12/09 8:7 a.m. | 8 views

CVE-2025-41752

CVE-2025-41752 describes a reflected XSS in pxc_portSfp.php that can be exploited by an unauthenticated attacker to entice an authenticated user to click a malicious link and modify device configuration via web-based management. The vulnerability is reported as affecting PHOENIX CONTACT FL SWITCH...

7.1 CVSS | 5.9 AI score | 0.00125 EPSS
Exploits: 0 | References: 1 | Affected Software: 1