3107 matches found
CVE-2024-51457
IBM Robotic Process Automation for Cloud Pak is affected by a cross-site scripting vulnerability (CVE-2024-51457) in versions 21.0.0–21.0.7.19 and 23.0.0–23.0.19. The flaw allows an authenticated user to inject arbitrary JavaScript into the Web UI, potentially altering functionality and disclosin...
MAL-2025-141 Malicious code in serve-static-corell (npm)
This package includes a post-install script that fetches JavaScript code from a remote server and executes it. Source: ghsa-malware (fdac054c93284fd4c0dca285d57baabea075f4c42f7a8bd63abf69f974d56b31). Any computer that has this package install...
CVE-2025-0060
CVE-2025-0060 relates to SAP BusinessObjects BI Platform. The provided documents describe a vulnerability where an authenticated user with restricted access can inject malicious JavaScript code, enabling reading of sensitive information from the server and exfiltration to an attacker. The attacke...
Cross-Site Scripting (XSS)
netcarver/textile is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-controllable href input in image links when running the parser in restricted mode, allowing an attacker to inject malicious JavaScript code into image links, which is executed wh...
CVE-2024-49785
IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2021-29669
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-29669 IBM Jazz Foundation cross-site scripting
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2024-49785
CVE-2024-49785 affects IBM watsonx.ai (1.1–2.0.3) and IBM watsonx.ai on Cloud Pak for Data (4.8–5.0.3). It is a cross-site scripting vulnerability allowing an authenticated user to inject arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. I...
CVE-2025-0104
CVE-2025-0104 (Expedition XSS) affects Palo Alto Networks Expedition. The connected PT-security entry describes a reflected cross-site scripting vulnerability where an authenticated user’s browser can execute malicious JavaScript if a user clicks a crafted link, potentially enabling phishing and...
CVE-2024-31914
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...
CVE-2024-31913
CVE-2024-31913 affects IBM Sterling B2B Integrator Standard Edition (versions 6.0.0.0–6.1.2.5 and 6.2.0.0–6.2.0.2) and describes a Stored XSS in the Web UI that can lead to credentials disclosure within a trusted session. The underlying issue is cross-site scripting via the Web UI, enabling an at...
CVE-2024-31913 IBM Sterling B2B Integrator cross-site scripting
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...
PT-2024-66: Unauthorized Reflected XSS in PhpSpreadsheet (Currency.php)
The vulnerability was identified in PhpSpreadsheet, versions = 3.0.0, = 2.0.0, = 2.2.0, = 3.0.0, = 2.0.0, = 2.2.0, = 2.3.4 to 2.3.5 or higher Additional information: Researcher: Aleksey Solovev Positive Technologies...
GHSA-G2VG-8HFG-79VJ Koji Cross-site Scripting
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...
CVE-2024-9427 Koji: escape html tag characters in the query string
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...
CVE-2024-56364 Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13...
CVE-2024-55342
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to an XSS...
CVE-2021-20553
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2021-20553 IBM Sterling B2B Integrator Standard Edition cross-site scripting
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2024-55239
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows an attacker to craft malicious URLs with arbitrary JavaScript in the 'titulodocumento' parameter...