5800 matches found
CVE-2025-59269
CVE-2025-59269 is a stored cross-site scripting (XSS) vulnerability in BIG-IP Configuration utility. It affects BIG-IP (all modules) and stems from insufficient input handling on an undisclosed page, allowing an attacker to store and execute JavaScript in the context of the currently logged-in us...
CVE-2025-10869
Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...
F5 BIG-IP 跨站脚本漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of reflective cross-site scripting on an...
F5 BIG-IP 跨站脚本漏洞
F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of stored cross-site scripting o...
EUVD-2025-34249
Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...
Remote Code Execution
Flowise is vulnerable toRemote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function executing the mcpServerConfig input as JavaScript, An attackers can use this to execute arbitrary Node.js code to run commands or...
CVE-2025-61319
ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23549)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23546)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
CVE-2025-11189
The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...
CVE-2025-35060
Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...
CVE-2025-60880
An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...
CVE-2025-11189
The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...
CVE-2025-11189
The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...
CVE-2025-11189 CVE-2025-11189
The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...
CVE-2025-11189 CVE-2025-11189
The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...