59096 matches found
CVE-2025-63588
An unauthenticated reflected cross-site scripting vulnerability in the query handling of CMSimpleXH allows remote attackers to inject and execute arbitrary JavaScript in a victim's browser via a crafted request e.g., a maliciously crafted POST login. Successful exploitation may lead to theft of...
CVE-2025-63589
A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from an improper implementation vulnerability that stems from an improper implementation in V8. An attacker could exploit this vulnerability by exploiting a heap corruption vulnerability via a carefully constructed HTML...
CVE-2025-62722
LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting XSS vulnerability that allows any authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the...
MGASA-2025-0260 Updated mediawiki packages fix security vulnerabilities
i18n XSS vulnerability in HTMLMultiSelectField when sections are used. CVE-2025-3469 "reupload-own" restriction can be bypassed by reverting file. CVE-2025-32696 Cascading protection is not preventing file reversions. CVE-2025-32697 LogPager.php: Restriction enforcer functions do not correctly...
CVE-2025-10853
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
CVE-2025-10853
A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...
CVE-2025-10853
Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...
CLSA-2025-1762361695 nodejs: Fix of CVE-2023-39333
CVE-2023-39333: fix maliciously crafted export names injection of JavaScript code...
CVE-2025-12682
The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'fileduringcheckout' function in all versions up to, and including, 2.9.8. This makes it possible for unauthenticated attackers to upload...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the Biography field, which allows an attacker to inject and execute malicious JavaScript code in the context of the website, affecting other users including administrators and...
GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
Prototype Pollution
Overview expr-eval-fork is a Mathematical expression evaluator fork with prototype pollution fix Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute...
Prototype Pollution
Overview expr-eval is a Mathematical expression evaluator Affected versions of this package are vulnerable to Prototype Pollution via unrestricted member access IMEMBER and user-defined functions IFUNDEF in the expression evaluator. An attacker can execute arbitrary JavaScript code by providing...
CVE-2025-12735
Summary: CVE-2025-12735 affects the expr-eval JavaScript expression parser/evaluator. Insufficient input validation lets an attacker pass a crafted context object or leverage MEMBER of the context in evaluate(), enabling arbitrary code execution. This is a client-side JavaScript library vulnerabi...
JavaScript Expression Evaluator 安全漏洞
JavaScript Expression Evaluator is a math calculator by Matthew Crumley Personal Developer. A security vulnerability exists in JavaScript Expression Evaluator that stems from insufficient input validation and could lead to the execution of arbitrary code...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 5 security fixes: 443906252 High CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous on 2025-09-09 447172715 High CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz on 2025-09-25 454485895 High...