CVE-2025-62296 Stored XSS in SOPlanning

SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

CVE-2025-62296

SOPlanning is vulnerable to Stored XSS in the /taches endpoint. A malicious user with medium privileges can inject HTML/JS that is rendered when opening the editor. The issue has a fixed patch in version 1.55. No exploit details are provided beyond the public vulnerability description in the conn...

EUVD-2025-198264

phppgadmin vulnerable to Cross-site Scripting...

CVE-2025-60796

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php, admin.ph...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

firefox: thunderbird: Incorrect boundary conditions in the JavaScript: WebAssembly component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the JavaScript: WebAssembly component...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

CVE-2025-63243

A reflected cross-site scripting XSS vulnerability exists in the password change functionality of Pixeon WebLaudos 25.1 01. The slesSenha parameter to the loginAlterarSenha.asp file. An attacker can craft a malicious URL that, when visited by a victim, causes arbitrary JavaScript code to be...

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

PT-2025-47654

Name of the Vulnerable Software and Affected Versions md-to-pdf versions prior to 5.2.5 Description md-to-pdf is a command-line interface CLI tool used for converting Markdown files to PDF format, utilizing Node.js and a headless Chrome browser. A flaw exists in the way the tool handles Markdown...

PT-2025-47635

Name of the Vulnerable Software and Affected Versions IBM Concert versions 1.0.0 through 2.0.0 Description IBM Concert is susceptible to cross-site scripting. An unauthenticated attacker can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and...

PT-2025-47598

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue within the /status endpoint. An attacker possessing an account can inject arbitrary HTML and JavaScript code into the website...

PT-2025-47597

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue in the /projets API endpoint. An attacker with medium privileges can inject arbitrary HTML and JavaScript code into the website...

Google Chrome Type Obfuscation Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a type obfuscation vulnerability that stems from V8 type obfuscation, which can be exploited by an attacker to cause heap corruption...

Google Chrome Improperly Implemented Vulnerability

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a mal-implementation vulnerability that stems from a V8 mal-implementation, which can be exploited by an attacker to leverage heap corruption via specially crafted HTML pages...

CVE-2025-63700

...

CouchAuth 安全漏洞

CouchAuth is a Perfood open source authentication API. A security vulnerability exists in CouchAuth version 0.21.2, which stems from session tokens and passwords being stored in JavaScript objects and not explicitly cleared, which could lead to sensitive data disclosure and session hijacking...

编号撤回

Official Clerk JavaScript SDKs is a Clerk open source official Javascript repository for Clerk authentication. A security vulnerability exists in the Official Clerk JavaScript SDKs version 5.88.0 that originates from an attacker being able to bypass the OAuth authentication process, potentially...