CVE-2025-25476

A stored cross-site scripting XSS vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component...

CVE-2025-0719

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

CVE-2025-1746

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal...

CVE-2025-25476

CVE-2025-25476 describes a stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x. A malicious user with elevated privileges can execute arbitrary JavaScript by injecting a payload into the notification type or notification component. The affected software/version is SysPass 3.2.x; the ...

CVE-2025-25476

A stored cross-site scripting XSS vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component...

CVE-2025-0719

IBM Cloud Pak for Data 4.0.0 through 4.8.5 and 5.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste...

CVE-2025-0719

CVE-2025-0719 affects IBM Cloud Pak for Data (versions 4.0.0–4.8.5 and 5.0.0). The IBM advisory describes a reflected cross-site scripting (XSS) vulnerability on the /error endpoint, where an unauthenticated attacker can inject JavaScript via the error parameter, potentially leading to credential...

CVE-2025-25299

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...

CVE-2024-28776

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-25299

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...

CVE-2025-25299 Cross-site scripting (XSS) in the real-time collaboration package

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...

CVE-2025-25299

CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting XSS vulnerability was discovered in the CKEditor 5 real-time collaboration package. This vulnerability affects user markers, which represent users' positions within...

CVE-2025-0423

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...

CVE-2024-56882

Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...

CVE-2024-28776

IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-0423

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...

CVE-2025-0424

Cordaware bestinformed Web is affected by authenticated stored cross-site scripting due to improper input sanitization. An authenticated attacker can inject JavaScript into other users’ sessions, potentially enabling horizontal movement to higher-privileged accounts. The available connected sourc...

CVE-2025-0423 Multiple Unauthenticated Stored Cross-Site Scripting

In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...

IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-04170)

IBM ApplinX is an International Business Machines IBM company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX version 11.1. The vulnerability stems from the application's lack of effective filtering and...

IBM Aspera Shares Cross-Site Scripting Vulnerability (CNVD-2025-04172)

IBM Aspera Shares is a Web application from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which...