5810 matches found
Fiora 安全漏洞
Fiora - is a chat application by yinxin630 individual developer. A security vulnerability exists in Fiora version 1.0.0, which stems from the user avatar upload feature not validating the content of SVG files, which could lead to the execution of arbitrary JavaScript code...
CVE-2025-8116 Reflected XSS in PAD CMS
PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in victim's browser, when opened. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life a...
PT-2025-39965
Name of the Vulnerable Software and Affected Versions PAD CMS affected versions not specified Description PAD CMS is susceptible to Reflected Cross-Site Scripting XSS in the printing and save to PDF features. An attacker can create a specially crafted URL that, when opened by a user, leads to the...
VulnCheck KEV: CVE-2025-27915
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its...
CVE-2025-35034
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portletuserid' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...
CVE-2025-35034
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portletuserid' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...
CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portletuserid' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...
CVE-2025-57877
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57877
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57873
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57871 BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57873 BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57873
A reflected cross-site scripting vulnerability affects Esri Portal for ArcGIS 11.4 and earlier. An authenticated administrator can supply a crafted string to trigger arbitrary JavaScript execution in the user’s browser. Root cause appears to be reflected XSS via input echoed in the page. Impact p...
CVE-2025-57875 BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS.
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...
CVE-2025-57875
CVE-2025-57875 affects Esri Portal for ArcGIS
PT-2025-39862
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS versions 11.4 and below Description A reflected cross site scripting issue exists that could allow a remote authenticated attacker with administrative access to execute arbitrary JavaScript code in the browser by supplyi...
GHSA-456V-F425-8MCV PiranhaCMS stored XSS
PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user s browser...
Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes
Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...
GHSA-4J5H-MVJ3-M48V Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes
Summary The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...