4739 matches found

Vulnrichment
added 2025/01/27 3:49 p.m. | 9 views

CVE-2024-37527 IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 8.3 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.2 | EPSS 0.00209
Exploits: 0 | References: 1

NVD
added 2025/01/27 2:15 a.m. | 8 views

CVE-2023-46187

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | EPSS 0.00257
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/27 1:45 a.m. | 7 views

CVE-2023-46187 IBM InfoSphere Master Data Management cross-site scripting

IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 5.4 | AI score 5.2 | EPSS 0.00257
Exploits: 0 | References: 1

NVD
added 2025/01/25 3:15 p.m. | 11 views

CVE-2024-35145

IBM Maximo Application Suite 9.0.0 - Monitor Component is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 6.1 | EPSS 0.00238
Exploits: 0 | References: 1

HackerOne
added 2025/01/24 5:29 a.m. | 1458 views

XVIDEOS: Stored XSS via SMTP Error Message

A Stored Cross-Site Scripting (XSS) vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were passed into the html method without proper sanitization, allowing an attacker to store and execute...

AI score 5.9
Exploits: 0

CNVD
added 2025/01/24 12:0 a.m. | 7 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2025-02830)

IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Jazz Foundation. An attacker could exploit the vulnerability to embed arbitrary JavaScript code in the Web ...

CVSS 5.4 | AI score 6 | EPSS 0.00215
Exploits: 0 | References: 1

NVD
added 2025/01/23 6:15 p.m. | 8 views

CVE-2025-23227

IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

CVSS 6.4 | EPSS 0.00209
Exploits: 0 | References: 1

CVE
added 2025/01/23 5:19 p.m. | 60 views

CVE-2025-23227

CVE-2025-23227 affects IBM Tivoli Application Dependency Discovery Manager (TADDM) versions 7.3.0.0 through 7.3.0.11. The issue is a stored cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially leading to credential disclosu...

CVSS 6.4 | AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/01/23 3:15 a.m. | 9 views

CVE-2023-50309

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 6.4 | EPSS 0.00206
Exploits: 0 | References: 1

CVE
added 2025/01/23 2:38 a.m. | 101 views

CVE-2023-50309

CVE-2023-50309 affects IBM Sterling B2B Integrator: stored cross-site scripting in the Web UI. Affected versions are 6.0.0.0–6.1.2.5 and 6.2.0.0. The vulnerability can allow an attacker to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure in a trusted session...

CVSS 6.4 | AI score 5.9 | EPSS 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/23 2:37 a.m. | 7 views

CVE-2023-32340 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 4.6 | AI score 6.5 | EPSS 0.00206
Exploits: 0 | References: 1

CVE
added 2025/01/23 2:37 a.m. | 101 views

CVE-2023-32340

IBM Sterling B2B Integrator is affected by CVE-2023-32340: cross-site scripting in the Web UI affecting versions 6.0.0.0 through 6.1.2.5 and 6.2.0.0. The vulnerability lets an attacker inject arbitrary JavaScript in the Web UI, potentially altering functionality and exposing credentials within a ...

CVSS 5.4 | AI score 5 | EPSS 0.00206
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/01/23 12:0 a.m. | 51 views

CVE-2024-57326

The CVE-2024-57326 vulnerability affects Online Pizza Delivery System 1.0. It is a reflected XSS in the search.php endpoint that allows arbitrary JavaScript via unsanitized input in the search parameter, with CVSS v3.1 base score 6.1 (Network, Low attack complexity, No privileges, User interactio...

CVSS 6.1 | AI score 6 | EPSS 0.00258
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/23 12:0 a.m. | 5 views

CVE-2024-57326

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter...

AI score 6 | EPSS 0.00258
Exploits: 1 | References: 1

NVD
added 2025/01/22 5:15 p.m. | 15 views

CVE-2024-51457

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS 5.4 | EPSS 0.0019
Exploits: 0 | References: 1

CVE
added 2025/01/22 4:36 p.m. | 57 views

CVE-2024-51457

IBM Robotic Process Automation for Cloud Pak is affected by a cross-site scripting vulnerability (CVE-2024-51457) in versions 21.0.0–21.0.7.19 and 23.0.0–23.0.19. The flaw allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially altering functionality and disclosin...

CVSS 5.4 | AI score 4.6 | EPSS 0.0019
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/01/22 4:36 p.m. | 15 views

CVE-2024-51457 IBM Robotic Process Automation for Cloud Pak cross-site scripting

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS 4.4 | EPSS 0.0019
Exploits: 0 | References: 1

OSV
added 2025/01/19 12:48 p.m. | 5 views

MAL-2025-141 Malicious code in serve-static-corell (npm)

This package includes a post-install script that fetches JavaScript code from a remote server and executes it. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fdac054c93284fd4c0dca285d57baabea075f4c42f7a8bd63abf69f974d56b31 Any computer that has this package install...

AI score 7.2
Exploits: 0 | References: 5

NVD
added 2025/01/15 3:15 p.m. | 6 views

CVE-2024-47140

A cross-site scripting (XSS) vulnerability exists in the addalertcheck page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to arbitrary JavaScript code execution. An authenticated user would need to click a malicious link provided by the attacker...

CVSS 8.7 | EPSS 0.00693
Exploits: 1 | References: 2

CVE
added 2025/01/15 2:59 p.m. | 58 views

CVE-2024-47140

Observium CE 24.4.13528 is affected by a reflected XSS in add_alert_check. An authenticated user must click a malicious link; the exploit injects JavaScript via the entity_type parameter. Talos assigns CVSS v3.1 score 8.7 (AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N). Observium and Talos note a vendor pa...

CVSS 8.7 | AI score 6.6 | EPSS 0.00693
Exploits: 1 | References: 2 | Affected Software: 1