3107 matches found
CVE-2025-0423
In the "bestinformed Web" application, some user input was not properly sanitized. This leads to multiple unauthenticated stored cross-site scripting vulnerabilities. An unauthenticated attacker is able to compromise the sessions of users on the server by injecting JavaScript code into their...
CVE-2025-0424
Cordaware bestinformed Web is affected by authenticated stored cross-site scripting due to improper input sanitization. An authenticated attacker can inject JavaScript into other users’ sessions, potentially enabling horizontal movement to higher-privileged accounts. The available connected sourc...
CVE-2024-56882
CVE-2024-56882 affects Sage DPW before 2024_12_000. Affected component: Kurstitel and Kurzinfo input fields where low-privileged users with the employee role can permanently store JavaScript. The injected payload is executed for each authenticated user who views/interacts with the modified data. ...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-04170)
IBM ApplinX is a product from International Business Machines (IBM) for converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX version 11.1. The vulnerability stems from the application's lack of effective filtering and...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04976)
IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
CVE-2024-56463
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-56463
CVE-2024-56463 (IBM QRadar SIEM 7.5) is a cross-site scripting vulnerability that could allow a privileged user to embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The IBM Security Bulletin confirms affected product/version: IBM QRa...
CVE-2024-56463 IBM QRadar SIEM cross-site scripting
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web
Reflected Cross-Site Scripting (XSS) in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...
CVE-2025-1145
CVE-2025-1145 affects NetVision Information ISOinsight. The connected sources describe a reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser, typically via phishing. The impact is user-side script execution ...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06207)
IBM ApplinX is a product from International Business Machines (IBM) for converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...
IBM ApplinX Cross-Site Scripting Vulnerability (CNVD-2025-06208)
IBM ApplinX is a product from International Business Machines (IBM) for converting green screen interfaces into modern web-based applications. A cross-site scripting vulnerability exists in IBM ApplinX, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI,...
CVE-2024-52892
IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2024-49791
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-49793
IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-38317
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-52364
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...
CVE-2024-52365
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thu...
CVE-2024-40700
IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...