5912 matches found
CVE-2025-51503
A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the filter parameter in the recent uploads page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious URL containing a specially crafted filter value...
CVE-2025-40685
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php...
CVE-2025-40686
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php...
CVE-2025-40684
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in /country.php...
copyparty Reflected XSS via Filter Parameter
Summary: Unauthorized reflected Cross-Site Scripting when accessing the URL for recent uploads with the filter parameter containing JavaScript code. Details: When accessing the recent uploads page at /?ru, users can filter the results using an input field at the top. This field appends a filter...
CVE-2025-24854
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
CVE-2025-24853
A carefully crafted request when creating a header link using the wiki markup syntax could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Further research by the JSPWiki team showed that the markdown parser allowed this...
CVE-2025-24854
CVE-2025-24854 affects Apache JSPWiki’s Image plugin. A crafted request triggers a cross-site scripting (XSS) vulnerability that could allow JavaScript execution in the victim’s browser and potentially expose sensitive information. Affected component: JSPWiki Image plugin (versions prior to 2.12.3...
CVE-2025-24854 Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin
A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute JavaScript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.3 or later...
Microweber CMS security vulnerability
Microweber CMS is a drag-and-drop website builder from Microweber Open Source. A security vulnerability exists in Microweber CMS version 2.0, which stems from a stored cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...
Apache JSPWiki security vulnerability
Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Software Foundation. A security vulnerability exists in Apache JSPWiki that stems from a failure to properly handle requests when creating header links, which could lead to the execution of arbitrary...
PT-2025-31569 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0. Description: A stored cross-site scripting (XSS) vulnerability exists in Microweber CMS 2.0. This allows attackers to inject malicious scripts into user profile fields, resulting in arbitrary JavaScript execution in...
PT-2025-31493 · Apache · Apache Jspwiki
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.12.3. Description: A crafted request during header link creation using wiki markup syntax can allow an attacker to execute JavaScript in the victim’s browser, potentially obtaining sensitive information...
Apache JSPWiki security vulnerability
Apache JSPWiki is an open source WikiWiki engine based on Java, Servlet and JSP from the Apache Software Foundation in the United States. A cross-site scripting vulnerability exists in the Apache JSPWiki Image plugin, which can be exploited by an attacker to execute JavaScript in the victim's browser...
LB-Link BL-CPE300M security vulnerability
LB-Link BL-CPE300M is a router device from the Chinese vendor LB-Link (Bilink). A security vulnerability exists in the LB-Link BL-CPE300M version 01.01.02P42U1406, which stems from a cross-site scripting vulnerability that could lead to the execution of arbitrary JavaScript code...
PT-2025-31494 · Apache Jspwiki +1 · Image Plugin +1
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions prior to 2.12.3. Description: A carefully crafted request using the Image plugin could trigger a cross-site scripting (XSS) issue on Apache JSPWiki. This could allow an attacker to execute JavaScript in the victim's brows...