CVE-2025-50977

A template injection vulnerability leading to reflected cross-site scripting XSS has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...

CVE-2025-30036 Stored XSS permitting session takeover of arbitrary user

Stored XSS vulnerability exists in the "Oddział" Ward module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights...

CVE-2025-30036

CVE-2025-30036 describes a stored XSS in the Oddział (Ward) module, within the death diagnosis description field. The flaw permits execution of arbitrary JavaScript, which can cause session hijacking of other users and potentially escalate privileges up to full admin rights. The provided metrics ...

Linux Distros Unpatched Vulnerability : CVE-2021-39906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...

esri Portal for ArcGIS Enterprise Sites Cross-Site Scripting Vulnerability (CNVD-2025-21186)

esri Portal for ArcGIS Enterprise Sites is an enterprise-level geographic information sharing platform from ESRI that allows users within an organization to view, edit, and share geographic information through the portal. A cross-site scripting vulnerability exists in esri Portal for ArcGIS...

Linux Distros Unpatched Vulnerability : CVE-2020-1771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker is able craft an article with a link to the customer address book with malicious content JavaScript. When agent opens the link, JavaScript code is...

Linux Distros Unpatched Vulnerability : CVE-2018-17883

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system...

Lunary Cross-Site Scripting Vulnerability

lunary is lunary open source a production toolkit for LLM. A cross-site scripting vulnerability exists in lunary, which stems from the presence of stored cross-site scripting in the Analytics component that could lead to arbitrary JavaScript execution. No detailed vulnerability details are provid...

Linux Distros Unpatched Vulnerability : CVE-2019-9752

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 5.x before 5.0.34, 6.x before 6.0.16, and 7.x before 7.0.4. An attacker who is logged into OTRS as an...

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2024R2, which stems from cross-site scripting in a...

Linux Distros Unpatched Vulnerability : CVE-2019-10066

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through...

Linux Distros Unpatched Vulnerability : CVE-2017-12980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that us...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...

Linux Distros Unpatched Vulnerability : CVE-2019-10067

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System OTRS 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker wh...

Lunary 跨站脚本漏洞

lunary is lunary open source a production toolkit for LLM. A cross-site scripting vulnerability exists in lunary, which stems from the presence of stored cross-site scripting in the Analytics component that could lead to arbitrary JavaScript execution. No detailed vulnerability details are provid...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...

CVE-2025-50859

Reflected Cross-Site Scripting in the Change Template function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the template parameter...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. Details Cross-sit...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the PortalUtil.escapeRedirect function. An authenticated attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious input into the affected process. Details Cross-sit...

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...