59137 matches found
KLA89242 Multiple vulnerabilities in Mozilla Thunderbird
Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, and perform cross-site scripting attacks. Below is a complete list of...
PT-2025-41968
Name of the Vulnerable Software and Affected Versions: Home Assistant versions 2025.1.0 through 2025.10.1. Description: Home Assistant is home automation software that prioritizes local control and privacy. The energy dashboard is susceptible to stored cross-site scripting. An authenticated user can...
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
Summary: Reflected-XSS in the `report_this` function in librenms/includes/functions.php. Details: Recently, it was discovered that the `report_this` function had improper filtering: the htmlentities function was incorrectly used in an href context, which caused the projectissues parameter to trigger an XSS...
GHSA-GXP8-M5RQ-3M38 QGIS QWC2 Cross-Site Scripting vulnerability
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...
Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk
Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the...
Remote Code Execution
Flowise is vulnerable to Remote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function, which executes the mcpServerConfig input as JavaScript. An attacker can use this to execute arbitrary Node.js code to run commands or...
CVE-2025-11184
Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...
Cross-site Scripting (XSS)
Overview: qwc2 is a QGIS Web Client. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...
CVE-2025-11184 Cross-Site Scripting Vulnerability in QWC2 Registration GUI
Cross-site scripting vulnerability in QGIS QWC2 Registration GUI <=v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...
CVE-2025-11184
CVE-2025-11184 affects QGIS QWC2 Registration GUI up to version 2025.03.31. It enables an authorized attacker to inject arbitrary JavaScript (XSS) into the page, with potential impact to Confidentiality (High) and Integrity (Low) per CVSS. Remediation: upgrade to a version later than 2025.03.31 (...
CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2
Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...
CVE-2025-11183
CVE-2025-11183. QGIS QWC2’s attribute table is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user input, allowing an authorized attacker to inject and execute arbitrary JavaScript in the user’s browser. Affected version: QWC2
CVE-2025-61319
ReNgine through 2.2.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
QGIS QWC2 Registration GUI Security Vulnerability
The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...
QGIS QWC2 Security Vulnerability
QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...
PT-2025-41780
Name of the Vulnerable Software and Affected Versions: QGIS QWC2 Registration GUI versions through 2025.03.31. Description: A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. Recommendations: Update QGIS QWC2...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...