CVE-2024-56882
CVE-2024-56882 affects Sage DPW before 2024_12_000. Affected component: Kurstitel and Kurzinfo input fields where low-privileged users with the employee role can permanently store JavaScript. The injected payload is executed for each authenticated user who views/interacts with the modified data. ...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04978)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
IBM Security Verify Access Cross-Site Scripting Vulnerability (CNVD-2025-06213)
IBM Security Verify Access (ISAM) is a service from International Business Machines (IBM) that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04976)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04977)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the vlSelectionTuples function, allowing the usage of Function with arbitrary JavaScript code. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious...
CVE-2024-56463
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-56463 IBM QRadar SIEM cross-site scripting
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-56463
CVE-2024-56463 (IBM QRadar SIEM 7.5) is a cross-site scripting vulnerability that could allow a privileged user to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin confirms affected product/version: IBM QRa...
CVE-2024-36361
Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...
CVE-2024-31974
The com.solarized.firedown (aka Solarized FireDown Browser & Downloader) application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...
CVE-2025-1145 NetVision Information ISOinsight - Reflected Cross-site Scripting
NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...
CVE-2025-1145
CVE-2025-1145 affects NetVision Information ISOinsight. The connected sources describe a reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser, typically via phishing. The impact is user-side script execution ...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06208)
IBM ApplinX is an International Business Machines (IBM) company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06207)
IBM ApplinX is an International Business Machines (IBM) company focused on converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...
CVE-2024-52892
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2025-24981
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
CVE-2024-57237
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting (XSS) in the /reqproc/procget endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the...