5900 matches found

Tenable Nessus
added 2025/09/04 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2018-10891

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is...

CVSS 7.5 | AI score 6.5 | EPSS 0.00363
Exploits: 0 | References: 2

OSV
added 2025/09/03 10:18 p.m. | 2 views

GHSA-9V8P-M85M-F7MM Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8 | AI score 5.9 | EPSS 0.00088
Exploits: 0 | References: 3

Snyk
added 2025/09/03 10:18 p.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the lead:addLeadTags process. An attacker can execute arbitrary JavaScript in another user's browser session by injecting malicious input into the Tags field, which is reflected in the server's response...

CVSS 4.8 | AI score 5.5 | EPSS 0.00088
Exploits: 0 | References: 2

OSV
added 2025/09/03 3:15 p.m. | 1 view

CVE-2025-9823

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8 | AI score 6 | EPSS 0.00088
Exploits: 0 | References: 1

Cvelist
added 2025/09/03 2:33 p.m. | 5 views

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8 | EPSS 0.00088
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/03 2:33 p.m. | 1 view

CVE-2025-9823 Reflected XSS in lead:addLeadTags - Quick Add

Summary A Cross-Site Scripting XSS vulnerability allows an attacker to execute arbitrary JavaScript in the context of another user’s session. This occurs because user-supplied input is reflected back in the server’s response without proper sanitization or escaping, potentially enabling malicious...

CVSS 4.8 | AI score 5.1 | EPSS 0.00088
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/03 3:27 a.m. | 3 views

CVE-2025-9569

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS 6.1 | AI score 7.2 | EPSS 0.00069
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/03 3:27 a.m. | 3 views

CVE-2025-9568

The eHRD developed by Sunnet has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVSS 6.1 | AI score 7.2 | EPSS 0.00069
Exploits: 0 | References: 1

Tenable Nessus
added 2025/09/03 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The...

CVSS 6.1 | AI score 6.3 | EPSS 0.00978
Exploits: 1 | References: 2

CVE
added 2025/09/02 12:0 a.m. | 13 views

CVE-2025-55474

Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS) via Markdown rendering, allowing JavaScript execution when viewed. CVSS v3.1 vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (base 6.1, MEDIUM). Connected sources reference a potential fix in v0.10.2, but explicit remediation details are n...

CVSS 6.1 | AI score 6.2 | EPSS 0.00059
Exploits: 1 | References: 3 | Affected Software: 1

Positive Technologies
added 2025/09/02 12:0 a.m. | 2 views

PT-2025-35585

Name of the Vulnerable Software and Affected Versions: Many Notes version 0.10.1 Description: Many Notes version 0.10.1 is susceptible to Cross Site Scripting XSS. This allows malicious Markdown files to execute JavaScript when viewed. Recommendations: At the moment, there is no information about...

CVSS 6.1 | AI score 6 | EPSS 0.00059
Exploits: 1 | References: 6

CVE
added 2025/09/01 2:32 a.m. | 14 views

CVE-2025-9567

CVE-2025-9567 affects Sunnet’s eHRD CTMS (the eHRD platform) and is described as a Reflected Cross-site Scripting vulnerability. The vulnerability allows unauthenticated remote attackers to cause arbitrary JavaScript execution in a user’s browser via phishing-type vectors. Technical details acros...

CVSS 6.1 | AI score 6.6 | EPSS 0.00069
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/08/30 6:21 p.m. | 2 views

CVE-2025-50978

In Gitblit v1.7.1, a reflected cross-site scripting XSS vulnerability exists in the way repository path names are handled. By injecting a specially crafted path payload an attacker can cause arbitrary JavaScript to execute when a victim views the manipulated URL. This flaw stems from insufficient...

CVSS 6.1 | AI score 6 | EPSS 0.00095
Exploits: 1 | References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-33192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena...

CVSS 6.1 | AI score 6.6 | EPSS 0.03378
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-6033

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and...

CVSS 8.7 | AI score 6.5 | EPSS 0.01241
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-41165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all...

CVSS 8.2 | AI score 6.6 | EPSS 0.00106
Exploits: 0 | References: 3

Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2023-28447

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execut...

CVSS 7.1 | AI score 7.1 | EPSS 0.01189
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/30 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-42890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics...

CVSS 7.5 | AI score 7.2 | EPSS 0.00541
Exploits: 0 | References: 2

OSV
added 2025/08/28 11:15 a.m. | 2 views

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...

CVSS 4.8 | AI score 5.8 | EPSS 0.00076
Exploits: 0 | References: 2

CVE
added 2025/08/27 9:19 p.m. | 13 views

CVE-2025-34521

CVE-2025-34521 – Arcserve UDP XSS : A reflected cross-site scripting vulnerability exists in the Arcserve Unified Data Protection web interface, where unsanitized input is reflected in HTTP responses. This can allow remote attackers with low privileges to craft malicious links that, when a user v...

CVSS 5.4 | AI score 6 | EPSS 0.00044
Exploits: 0 | References: 1 | Affected Software: 1