EUVD-2023-60187

WebsiteBaker 2.13.3 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files with script tags that execute when the file is viewed, enabling persistent cross-site scripting...

EUVD-2023-60192

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers...

IE Mode: A Window to the Web – or to Attackers?

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Recently, Internet Explorer IE Mode has been weaponized by threat actors through multiple zero-day...

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2025:4397-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4397-1 advisory. Update to Mozilla Thunderbird 140.6 bsc1254551. - MFSA 2025-96 CVE-2025-14321: use-after-free in...

ROS-20251216-7359

A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

PT-2025-51743

Name of the Vulnerable Software and Affected Versions PimpMyLog version 1.7.14 Description The software contains an improper access control issue that allows remote attackers to create administrator accounts without authorization through the configuration endpoint. Attackers can exploit the...

PT-2025-51751

Name of the Vulnerable Software and Affected Versions WebsiteBaker version 2.13.3 Description WebsiteBaker version 2.13.3 has a stored cross-site scripting issue. Authenticated users can upload malicious SVG files containing JavaScript. Uploading crafted SVG files with script tags allows for...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc USA. A security vulnerability exists in Google Chrome prior to version 143.0.7499.147, which stems from V8 out-of-bounds reads and writes that could lead to heap corruption...

PimpMyLog 安全漏洞

PimpMyLog is an open source log file viewer and analysis tool from Potsky, France. A security vulnerability exists in PimpMyLog version 1.7.14, which stems from improper access control and could allow a remote attacker to create an administrator account and inject malicious JavaScript...

ROS-20251216-7368

A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to reading data outside the buffer boundaries in memory. Exploitation of the vulnerability may allow a remote attacker to gain unauthorized access to protected information...

Cross-site Scripting (XSS)

Overview org.lucee:core is a coer build of Lucee Affected versions of this package are vulnerable to Cross-site Scripting XSS via the admin interface parameters. An attacker can execute arbitrary JavaScript in a victim's browser session by injecting malicious scripts through crafted requests to...

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVE-2023-53891

Blackcat CMS 1.4 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into page content. Attackers can insert JavaScript payloads in the page modification interface that execute when other users view the compromised page...

CVE-2023-53890

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

CVE-2023-53890 Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload

Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performi...

CVE-2023-53890

CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

CVE-2023-53887 Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation

Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...