CVE-2025-9225

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the getSuccessMessage field in the embedded message form container. An attacker can execute arbitrary JavaScript in the context of the affected application by submitting crafted input to this field. Details...

CVE-2025-50733

NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...

NextChat 安全漏洞

NextChat is a NextChat open source project for rapid deployment of private ChatGPT web applications. A security vulnerability exists in NextChat that stems from the HTMLPreview component not properly cleaning up user-influenced HTML, which could lead to the execution of arbitrary JavaScript code...

CVE-2025-50858

Reflected Cross-Site Scripting in the List MySQL Databases function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to execute arbitrary JavaScript via the action parameter...

EHCP Easy Hosting Control Panel 安全漏洞

EHCP Easy Hosting Control Panel is an open source web hosting control panel from EHCP. A security vulnerability exists in EHCP Easy Hosting Control Panel version 20.04.1.b. The vulnerability stems from a reflected cross-site scripting vulnerability in the template parameter of the Change Template...

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

CVE-2025-55104

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

CVE-2025-55104

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability.

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...

CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVE-2025-55420

A Reflected Cross Site Scripting XSS vulnerability was found in /index.php in FoxCMS v1.2.6. When a crafted script is sent via a GET request, it is reflected unsanitized into the HTML response. This permits execution of arbitrary JavaScript code when a logged-in user submits the malicious input...

CVE-2025-51489

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened...

CVE-2025-55420

FoxCMS v1.2.6 is affected by a Reflected XSS in the /index.php endpoint. The issue stems from unsanitized reflection of a crafted script via a GET request, enabling execution of arbitrary JavaScript when a logged-in user submits the malicious input. CVSSv3.1 base score 8.8 (HIGH) with NETWORK att...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. A security vulnerability exists in FoxCMS v1.2.6, which stems from a reflective cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the definition parameter of Dynamic Data Mapping portlet. An authenticated attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious request and tricking a use...

CVE-2025-55287

Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Stored Cross-Site Scripting XSS vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and UI...

CVE-2025-46998

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-46932

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-54175 Reflected Cross-Site Scripting in QuickCMS.EXT

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...