
4739 matches found

CVE
added 2025/01/14 12:9 a.m. | 44 views

CVE-2025-0060

CVE-2025-0060 relates to SAP BusinessObjects BI Platform. The provided documents describe a vulnerability where an authenticated user with restricted access can inject malicious JavaScript code, enabling reading of sensitive information from the server and exfiltration to an attacker. The attacke...

CVSS: 6.5 | AI score: 6.1 | EPSS: 0.00386
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2025/01/13 7:56 p.m. | 18 views

CVE-2025-22142 Cross-site Scripting in NamelessMC

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject JavaScript code into it that would be activated once a staffer visits the user's profile on staff...

CVSS: 6.3 | AI score: 7.1 | EPSS: 0.0027
Exploits: 1 | References: 2

Veracode
added 2025/01/13 6:56 a.m. | 3 views

Cross-Site Scripting (XSS)

netcarver/textile is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...

AI score: 6.5
Exploits: 0

CNNVD
added 2025/01/13 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Platform code injection vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00386
Exploits: 0 | References: 1

NVD
added 2025/01/12 2:15 a.m. | 14 views

CVE-2024-49785

IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 1

NVD
added 2025/01/12 2:15 a.m. | 14 views

CVE-2021-29669

IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 1

Cvelist
added 2025/01/12 1:30 a.m. | 15 views

CVE-2021-29669 IBM Jazz Foundation cross-site scripting

IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 1

CVE
added 2025/01/12 1:10 a.m. | 39 views

CVE-2024-49785

CVE-2024-49785 affects IBM watsonx.ai (1.1–2.0.3) and IBM watsonx.ai on Cloud Pak for Data (4.8–5.0.3). It is a cross-site scripting vulnerability allowing an authenticated user to inject arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. I...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00215
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2025/01/12 1:10 a.m. | 17 views

CVE-2024-49785 IBM watsonx.ai cross-site scripting

IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVSS: 5.4 | EPSS: 0.00215
Exploits: 0 | References: 1

CVE
added 2025/01/11 3:0 a.m. | 53 views

CVE-2025-0104

CVE-2025-0104 (Expedition XSS) affects Palo Alto Networks Expedition. The connected PT-security entry describes a reflected cross-site scripting vulnerability where an authenticated user's browser can execute malicious JavaScript if a user clicks a crafted link, potentially enabling phishing and...

CVSS: 7 | AI score: 5.4 | EPSS: 0.00344
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/01/07 10:4 p.m. | 23 views

CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field

WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...

CVSS: 8.3 | AI score: 6.1 | EPSS: 0.00413
Exploits: 1 | References: 4

NVD
added 2025/01/06 4:15 p.m. | 8 views

CVE-2024-31914

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

CVSS: 6.4 | EPSS: 0.00236
Exploits: 0 | References: 1

Cvelist
added 2025/01/06 4:2 p.m. | 13 views

CVE-2024-31914 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

CVSS: 6.4 | EPSS: 0.00236
Exploits: 0 | References: 1

Vulnrichment
added 2025/01/06 4:2 p.m. | 9 views

CVE-2024-31914 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

CVSS: 6.4 | AI score: 6 | EPSS: 0.00236
Exploits: 0 | References: 1

CVE
added 2025/01/06 4:2 p.m. | 76 views

CVE-2024-31913

CVE-2024-31913 affects IBM Sterling B2B Integrator Standard Edition (versions 6.0.0.0–6.1.2.5 and 6.2.0.0–6.2.0.2) and describes a Stored XSS in the Web UI that can lead to credentials disclosure within a trusted session. The underlying issue is cross-site scripting via the Web UI, enabling an at...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00213
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/01/06 4:2 p.m. | 9 views

CVE-2024-31913 IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00213
Exploits: 0 | References: 1

OSV
added 2025/01/03 5:6 p.m. | 11 views

GHSA-JMPX-686V-C3WX PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class

Unauthorized Reflected XSS in the constructor of the Downloader class Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS vector v.4.0: 8.3...

CVSS: 8.3 | AI score: 5.3 | EPSS: 0.00312
Exploits: 1 | References: 4

Github Security Blog
added 2025/01/03 5:6 p.m. | 22 views

PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class

Unauthorized Reflected XSS in the constructor of the Downloader class Product: Phpspreadsheet Version: version 3.6.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 8.2 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS vector v.4.0: 8.3...

CVSS: 8.3 | AI score: 5.6 | EPSS: 0.00312
Exploits: 1 | References: 4 | Affected Software: 2

Veracode
added 2024/12/30 8:4 a.m. | 8 views

Cross-site Scripting (XSS)

shuchkin/simplexlsx is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input handling because the toHTMLEx method allows the execution of arbitrary JavaScript code...

CVSS: 5.4 | AI score: 6.3 | EPSS: 0.00237
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2024/12/27 4:40 a.m. | 6 views

Cross-Site Scripting (XSS)

Piranha is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient validation of uploaded PDF files, allowing authenticated remote attackers to upload crafted files containing malicious JavaScript code that executes when a victim interacts with the file in their web...

CVSS: 4.7 | AI score: 6.4 | EPSS: 0.00476
Exploits: 1 | References: 3 | Affected Software: 1