5068 matches found
CVE-2025-58746
The CVE-2025-58746 issue affects the Volkov Labs Business Links panel for Grafana, where prior to version 2.4.0 an Editor can escalate to Administrator due to arbitrary JavaScript code injection in the Layout → Link → URL field. The vulnerability enables arbitrary administrative actions on affect...
CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...
CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...
CVE-2025-58746 Volkov Labs Business Links plugin vulnerable to privilege escalation attack
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary...
PT-2025-36525
Name of the Vulnerable Software and Affected Versions: Volkov Labs Business Links panel for Grafana versions prior to 2.4.0 Description: The Volkov Labs Business Links panel for Grafana allows navigation using external links, internal dashboards, time pickers, and dropdown menus. Prior to version...
PT-2025-36477
Name of the Vulnerable Software and Affected Versions: Smart Search & Filter Shopify App version 1.0 Description: A cross-site scripting XSS vulnerability exists in Smart Search & Filter Shopify App. A remote attacker can execute arbitrary JavaScript in a user's web browser by including a malicio...
CVE-2025-2694
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...
CVE-2025-45805
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...
CVE-2025-2694
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.71 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI...
CVE-2024-43184 IBM Jazz Foundation cross-site scripting
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2025-45805
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...
CVE-2025-45805
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...
CVE-2025-45805
CVE-2025-45805 affects phpgurukul Doctor Appointment Management System 1.0. An authenticated doctor can inject JavaScript into the doctor profile name, which is rendered unsafely when patients book an appointment, enabling stored XSS in the victim’s browser. The exploit is demonstrated in the lin...
CVE-2025-45805
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...
CVE-2025-45805
In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an appointment...
PT-2025-35815
Name of the Vulnerable Software and Affected Versions: phpgurukul Doctor Appointment Management System version 1.0 Description: An authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is rendered without proper sanitization when a user visits the...
CVE-2025-33082
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
PT-2025-35491
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.1.0 Description: IBM Concert Software is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code in the Web UI, potentially altering functionality and leadin...
Linux Distros Unpatched Vulnerability : CVE-2025-27406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework Icinga Web 2. A vulnerability present...
Linux Distros Unpatched Vulnerability : CVE-2024-8648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could...