59143 matches found
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23556)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
QGIS QWC2 Registration GUI 安全漏洞
The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...
QGIS QWC2 安全漏洞
QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...
PT-2025-41780
Name of the Vulnerable Software and Affected Versions QGIS QWC2 Registration GUI versions through 2025.03.31 Description A cross-site scripting issue exists in QGIS QWC2 Registration GUI. An authorized attacker can inject arbitrary JavaScript code into the page. Recommendations Update QGIS QWC2...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23550)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23549)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23546)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
XSS-Payloads-to-Bypass-WAFs
PoC exploit for XSS payloads to bypass WAFs, specifically target...
CVE-2025-11189
The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...
EUVD-2025-33777
Happy DOM: VM Context Escape can lead to Remote Code Execution...
CVE-2025-35060
Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
CVE-2025-61927
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927 Happy-DOM has VM Context Escape
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...
CVE-2025-61927
CVE-2025-61927 affects Happy DOM v19 and earlier, where the Node.js VM Context is not isolated and untrusted JavaScript executed inside the Happy DOM VM can escape to access process-level functionality. Depending on module system (ESM vs CommonJS), attackers may obtain access to powerful objects ...
CVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...