59102 matches found
PT-2025-44217
Name of the Vulnerable Software and Affected Versions FastMCP versions prior to 2.13.0 Description FastMCP, a framework for building MCP applications, is affected by a reflected cross-site scripting issue. The problem exists in the OAuth client callback page oauth callback.py due to the insertion...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire has a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the QUOTAUSERS parameter of the...
IPFire 安全漏洞
IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the pienumber parameter not being properly cleaned and encoded, which can be exploited by an attacker to inje...
EUVD-2025-36326
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2025-54965
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...
CVE-2025-41384
Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
CVE-2025-41384 Reflected Cross-Site Scripting (XSS) in SuiteCRM
Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
EUVD-2025-36178
Cross-Site Scripting XSS vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
Cross-site Scripting (XSS)
net.mingsoft:ms-mcms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of user-supplied input, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser through a crafted payload...
EUVD-2025-36092
Malicious code in polyfill-corejs3 npm...
CVE-2025-62942
CVE-2025-62942 is a stored XSS in WP Mapbox GL JS Maps (Tempranova) affecting versions
CVE-2025-11447 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads...
CVE-2025-54965
An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...
Malicious code in binance-connector-js (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 61b2f0cbecf7f16706a567eb1deed7a8dc1722f112d2a002a9e94e690a066f3d Any computer that has this package installed or running should be considered...
WordPress plugin eRoom 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
Exploit for CVE-2025-63307
CVE-2025-63307 – Authenticated Stored Cross-site Scripting XS...
CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter
Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?nextpath query parameter allows attackers to supply arbitrary schemes e.g., javascript: that are passed directly to router.push. This results in a cross-site scripting XSS vulnerabilit...
EUVD-2025-35851
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...
CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery SSRF. Additionally, the...
CVE-2025-60936
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs...