395 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the related asset selector. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted payloads into the First Name, Middle Name, or Last Name text fields. Details: Cross-sit...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when inviting users to an event. An attacker can execute arbitrary web script or inject HTML by supplying crafted input into the First Name, Middle text, or Last Name fields. Details: Cross-site scripting or XSS ...
CVE-2025-10345
CVE-2025-10345 affects Perfex CRM in version 3.2.1. The issue is a stored HTML injection caused by insufficient validation of user input in the POST request to /admin/leads/lead, with malicious HTML supplied via the name and address parameters. Impact is described as stored HTML injection; exploi...
Mealie Security Vulnerability
Mealie is a self-hosted recipe manager and meal planner by an individual developer in Hayden, USA. A security vulnerability exists in Mealie 3.0.1 and prior versions, which stems from the failure to clean and escape user input in the note and text fields in the recipe creation feature, which coul...
CVE-2025-52344
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allow attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...
CVE-2025-57520
A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
Cross-site Scripting (XSS)
Overview: decap-cms is an extensible, open source, Git-based, React CMS for static sites. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of input fields such as body, tags, title, and description in the content preview pane. An attacker...
PT-2025-37081
Name of the Vulnerable Software and Affected Versions: Decap CMS versions through 3.8.3 Description: A Cross Site Scripting (XSS) vulnerability exists in Decap CMS. Input fields, including body, tags, title, and description, are not properly sanitized before being rendered in the content preview...
CVE-2025-41036
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAdmindescription', 'dataAdminfname' and 'dataAdminlname' parameters in /apprain/admin/account/edit...
CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior...
PT-2025-35720
Name of the Vulnerable Software and Affected Versions: DeepSeek versions R1 through V3.1 Description: DeepSeek versions R1 through V3.1 are susceptible to Cross-Site Scripting (XSS), allowing for the execution of JavaScript in the context of the run-html-chat.deepseeksvc.com domain. Some sources...
JetBrains IntelliJ IDEA HTML Injection Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment (IDE) developed by JetBrains, designed to improve developer productivity and code quality, mainly for Java programming, but it also supports Kotlin, Web, Spring and other languages and frameworks. JetBrains IntelliJ IDEA suffers from...
CVE-2025-52217
The CVE-2025-52217 vulnerability affects SelectZero Data Observability Platform prior to version 2025.5.2. The issue stems from improper handling of user-supplied input in legacy UI fields, enabling HTML injection. Impact is HTML injection via these UI components; attack vector is user interactio...
PT-2025-23924 · Unknown · Media Gallery
Name of the Vulnerable Software and Affected Versions: RSMediaGallery component versions 1.7.4 through 2.1.6 Description: A SQL injection issue was discovered due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker ...
CVE-2024-44684
TpMeCMS 1.3.3.2 is vulnerable to Cross Site Scripting (XSS) in /h.php/page?ref=addtabs via the "Title," "Images," and "Content" fields...
CVE-2024-27716
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields...
CVE-2024-22776
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields...