PT-2025-39075

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description A remote code execution issue exists in the CustomMCP node, which allows users to input configuration settings for connecting to an external Model Context Protocol MCP server. The node parses the...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the selectedItem.groupdescriptivenam attribute. An attacker can execute arbitrary JavaScript in the context of other users by injecting malicious scripts through the organization site names, which are stored...

CVE-2025-57538

A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...

CVE-2025-53838

LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting XSS vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user's browser when the malicious link is clicked...

CVE-2025-40725

Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...

Cross-site Scripting (XSS)

moonshine/moonshine is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the application allowing malicious HTML payloads in the Name parameter when creating a new Admin, leading to arbitrary JavaScript execution...

decap-cms 安全漏洞

decap-cms is a Git-based static site generator from Decap CMS open source. A security vulnerability exists in decap-cms 3.8.3 and earlier versions, which stems from cross-site scripting and could lead to the execution of arbitrary JavaScript...

Linux Distros Unpatched Vulnerability : CVE-2024-21911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into...

Linux Distros Unpatched Vulnerability : CVE-2024-51490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users c...

Linux Distros Unpatched Vulnerability : CVE-2022-39049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. CVE-2022-39049 Note that...

CVE-2025-57538

A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...

CVE-2025-57538

A stored cross-site scripting XSS vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment PVE 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view...

Proxmox Virtual Environment 安全漏洞

Proxmox Virtual Environment Proxmox VE is an open source server virtualization environment Linux distribution from Proxmox. A security vulnerability exists in Proxmox Virtual Environment version 8.4, which stems from an HTTP Proxy field stored cross-site scripting vulnerability that could lead to...

CVE-2025-57540

A stored cross-site scripting XSS vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment PVE 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page,...

CVE-2025-55998

A cross-site scripting XSS vulnerability in Smart Search & Filter Shopify and BigCommerce apps allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into several filter parameter...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataPagename parameter in the /apprain/page/manage-static-pages/create process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataGroupname parameter in the /apprain/admin/managegroup/add/ process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is improperly...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/appform process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the dataAddonlayouts and dataAddonlayoutsexcept parameters in the /apprain/developer/addons/update/tree process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by...

Linux Distros Unpatched Vulnerability : CVE-2021-38295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin open...