5800 matches found
CVE-2025-53883
An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary JavaScript via a reflected XSS issue in the search fields. This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manag...
Security vulnerability in multiple SUSE products
SUSE Manager and SUSE Manager Server are both products of SUSE Germany. SUSE Manager is a Linux server management system. The system provides automated software management, system configuration, and monitoring. SUSE Manager Server is an infrastructure management solution designed to simplify and...
CVE-2025-62800
FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0 have a reflected cross-site scripting vulnerability in the OAuth client callback page oauth_callback.py where unescaped user-controlled values are inserted into the generated HTML, allowing arbitrary JavaScri...
DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload
Summary: Sanitization of the content of uploaded SVG files was not covering all possible XSS scenarios. Details: DNN validates the contents of SVGs to ensure they are valid and do not contain any malicious code. These checks were introduced as part of CVE-2025-48378. However, the checks to ensure...
Cross-site Scripting (XSS)
Overview: fastmcp is the fast, Pythonic way to build MCP servers and clients. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the createcallbackhtml function. An attacker can execute arbitrary JavaScript in the context of the callback server's origin by supplying...
CVE-2025-41384
Reflected Cross-Site Scripting (XSS) vulnerability in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The server will attempt to block the arbitrary doma...
PT-2025-44217
Name of the Vulnerable Software and Affected Versions: FastMCP versions prior to 2.13.0. Description: FastMCP, a framework for building MCP applications, is affected by a reflected cross-site scripting issue. The problem exists in the OAuth client callback page oauth_callback.py due to the insertion...
CVE-2025-5350 SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products
SSRF and reflected XSS vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side request forgery (SSRF). Additionally, the...
EUVD-2025-35713
MCMS reflected cross-site scripting (XSS) vulnerability...
MCMS reflected cross-site scripting (XSS) vulnerability
A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...
CVE-2025-9980
CVE-2025-9980 describes a Stored XSS vulnerability in QuickCMS, specifically in the page editor (pages-form). The issue allows a malicious actor with admin privileges to inject arbitrary HTML/JavaScript that is rendered/executed when visiting the edited page. The public material notes that only v...
CVE-2025-11952
CVE-2025-11952 describes a stored XSS in Oct8ne Chatbot v2.3. The flaw arises from input validation failure when creating a mail transcript via /Records/SendSummaryMail, allowing injected JavaScript to run in a victim's browser. Impact stated: potential theft of sensitive data (e.g., session cook...
CVE-2025-61417
A Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...
GI-DocGen Cross-Site Scripting Vulnerability
GI-DocGen is an open source document generation library for GNOME. GI-DocGen is susceptible to cross-site scripting attacks that could lead to the execution of JavaScript code in a web environment...
PYSEC-2025-188
Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0...
EUVD-2025-35051
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
Cross-site Scripting (XSS)
Overview: @tawk.to/tawk-messenger-vue-3 is an official Vue 3 plugin for Tawk messenger. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tawkFileUpload endpoint in the chatbot. An attacker can execute arbitrary JavaScript code in the browser of other users by...
CVE-2025-8349
CVE-2025-8349 denotes a stored XSS in Tawk Live Chat. A malicious PDF with JavaScript uploaded via the chatbot is stored by the application and later rendered unsanitized to other users, enabling execution of arbitrary script (e.g., cookie theft) in the victim’s browser. Affected components inclu...
CVE-2025-61456
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...