CVE-2025-65229

A stored cross-site scripting XSS vulnerability exists in the web interface of Lyrion Music Server = 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output...

TencentOS Server 4: harbor (TSSA-2025:0614)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0614 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

SUSE CVE-2025-32019

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown field in the info tab page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious content. Details Cross-site scripting or XSS is a code...

Security issue: user can copy page with only view permissions

I have a user who only has view permissions to a space. Logging on as that user, I went to the Info tab of a page. The Copy operation appeared, and I was able click the link, edit the copied page, and save it. This must be a security hole?...