59103 matches found
CVE-2025-61417
Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...
Node.js Express DevMode Enabled
Node.js Express installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Express, Node.js. No source dat...
Moodle GeniAI plugin 安全漏洞
Moodle GeniAI plugin is a large modeling plugin for Moodle open source. A security vulnerability exists in Moodle GeniAI plugin version 2.3.6, which stems from an uncleaned JavaScript embedded in PDF files and could lead to a cross-site scripting attack...
CVE-2025-61255
Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting XSS vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection, potentially resulting in information disclosure and user redirection...
CVE-2025-61255
CVE-2025-61255 is a cross-site scripting (XSS) vulnerability affecting the Bank Locker Management System by PHPGurukul, exploitable through the /search parameter where unsanitized input allows arbitrary HTML/JavaScript injection. This can lead to information disclosure and user redirection. The i...
CVE-2025-60507
CVE-2025-60507 describes a cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) version 2.3.6. An authenticated user with the Teacher role can upload a PDF containing embedded JavaScript. The system outputs a direct HTML link to the uploaded file without sanitization, enablin...
CVE-2025-56800
The vulnerability CVE-2025-56800 affects Reolink Desktop Application version 8.18.12. Local authentication can be bypassed because lock screen logic runs in client-side JavaScript within the Electron bundle, exposing the password via a.settingsManager.lockScreenPassword. An attacker with local ac...
EUVD-2025-35200
Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...
GI-DocGen Cross-Site Scripting Vulnerability
GI-DocGen is an open source document generation library for GNOME. GI-DocGen suffers from a cross-site scripting vulnerability that stems from susceptibility to cross-site scripting attacks that could lead to the execution of JavaScript code in a web environment...
EUVD-2025-35227
Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable...
CVE-2025-60507
Cross site scripting vulnerability in Moodle GeniAI plugin localgeniai 2.3.6. An authenticated user with Teacher role can upload a PDF containing embedded JavaScript. The assistant outputs a direct HTML link to the uploaded file without sanitization. When other users including Students or...
Cross-site Scripting (XSS)
Overview taguette is a Free and open source qualitative research tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tag name, tag description, document name and document description. An attacker can execute arbitrary JavaScript code in the context of another...
PYSEC-2025-188
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
PYSEC-2025-188
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
CVE-2025-62528
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2025-35096
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
CVE-2025-62528
CVE-2025-62528 affects Taguette
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
EUVD-2025-31060
rollbar vulnerable to prototype pollution...