CVE-2025-61456

A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

EUVD-2025-34897

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorizationurl...

CVE-2025-52583

Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-24833

Stored cross-site scripting XSS vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-54859

Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-62418

Bagisto v2.3.7 contains an XSS vulnerability in TinyMCE image upload: uploading a crafted SVG with embedded JavaScript is possible by an admin or other privileged user, leading to code execution in the context of the viewer’s browser. The issue arises from SVGs being accepted without sanitization...

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-54859

Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

EUVD-2025-34749

Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-52583

Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-24833

CVE-2025-24833 is a stored XSS vulnerability in desknet’s NEO, affecting version range V4.0R1.0–V9.0R2.0. The issue allows execution of arbitrary JavaScript in a user’s browser via a stored payload. The connected Red Hat (RH:CVE-2025-24833) and other feeds confirm the same description. No exploit...

EUVD-2025-34750

Stored cross-site scripting XSS vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

Desknets Neo 跨站脚本漏洞

Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...

NEOJAPAN desknets NEO 跨站脚本漏洞

NEOJAPAN desknets NEO is a large network group collaboration software from NEOJAPAN Japan. A cross-site scripting vulnerability exists in NEOJAPAN desknets NEO versions V2.0R1.0 through V9.0R2.0 that originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScri...

NEOJAPAN desknets Web Server 跨站脚本漏洞

NEOJAPAN desknets Web Server is a back-end service for a large network group collaboration software from NEOJAPAN Japan. A cross-site scripting vulnerability exists in NEOJAPAN desknets Web Server, which stems from susceptibility to reflective cross-site scripting attacks that could lead to the...

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

EUVD-2025-34656

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...