59100 matches found
Chromium: CVE-2025-12441 Out of bounds read in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2025-12429 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2025-12460 Stored XSS vulnerability in Afterlogic Aurora webmail
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2025-12460
Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...
Update Chrome now: 20 security fixes just landed
Google has released an update for its Chrome browser that includes 20 security fixes, several of which are classed as high severity. Most of these flaws were found in Chrome’s V8 engine—the part of Chrome and other Chromium-based browsers that runs JavaScript. Chrome is by far the world’s most...
Cross-site Scripting
Liferay Portal is vulnerable to Cross-Site Scripting. The vulnerability is due to the Calendar events feature failing to escape or validate HTML in the First Name, Middle Name, and Last Name text fields, and attackers can exploit this by submitting crafted payloads into those fields to execute...
CVE-2025-52179
Cross-site scripting XSS vulnerability in Zucchetti Ad Hoc Revolution 4.1 and earlier allows remote unauthenticated attackers to inject arbitrary JavaScript via the pHtmlSource parameter of the /ahrw/jsp/gsfrfeditorHTML.jsp endpoint...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27648)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the IGNOREENTRYREMARK parameter, which can be exploited by an attacker to...
PT-2025-44621
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 2024R1.1 Description A cross-site scripting XSS issue exists in Nagios XI when a user visits the "missing page" 404 page after following a link from another website. The page-missing.php component does not properly...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27646)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient cleaning and escaping of the pienumber parameter, which can be exploited by an attacker to injec...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27704)
IPFire is an open source Linux distribution from the IPFire organization. It is mainly used as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and escaping of the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters,...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27707)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that can be exploited by attackers to inject arbitrary JavaScript code...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27645)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly cleaning or coding the TLSHOSTNAME parameter, which can be exploited by an attacker to inject...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27708)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27647)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...
IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...
PT-2025-114: Stored XSS in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to inject arbitrary HTML tags and JavaScript, leading to script execution in victims’ browsers and enabling social‑engineering attacks. Vulnerability status: Confirmed by vendor Date of...
Microsoft Edge 安全漏洞
Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge that stems from an improper implementation in V8...
Revive Adserver 安全漏洞
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from a...
Microsoft Edge (Chromium) < 142.0.3595.53 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 142.0.3595.53. It is, therefore, affected by multiple vulnerabilities as referenced in the October 31, 2025 advisory. - Protection mechanism failure in Microsoft Edge Chromium-based allows an unauthorized attacker to...