
5912 matches found

Vulnrichment
added 2025/07/28 1:36 p.m. · 2 views

CVE-2025-32731

A reflected cross-site scripting xss vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

CVSS 6.1 · AI score 6.2 · EPSS 0.00318
Exploits: 1 · References: 1
Cvelist
added 2025/07/28 1:36 p.m. · 4 views

CVE-2025-32731

A reflected cross-site scripting xss vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerabilit...

CVSS 6.1 · EPSS 0.00318
Exploits: 1 · References: 1
NVD
added 2025/07/28 11:15 a.m. · 4 views

CVE-2025-40730

HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...

CVSS 4.8 · EPSS 0.0027
Exploits: 0 · References: 1
Vulnrichment
added 2025/07/28 10:28 a.m. · 2 views

CVE-2025-40730 HTML injection in Vox Media's Chorus CMS

HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...

CVSS 4.8 · AI score 6.7 · EPSS 0.0027
Exploits: 0 · References: 1
Cvelist
added 2025/07/28 10:28 a.m. · 6 views

CVE-2025-40730 HTML injection in Vox Media's Chorus CMS

HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...

CVSS 4.8 · EPSS 0.0027
Exploits: 0 · References: 1
CVE
added 2025/07/28 10:28 a.m. · 12 views

CVE-2025-40730

The CVE-2025-40730 entry concerns HTML injection in Vox Media’s Chorus CMS. The vulnerability arises from an injection in the /search?q parameter, allowing an attacker to execute JavaScript in a victim’s browser and potentially steal session cookies or perform actions on behalf of the user. Affec...

CVSS 4.8 · AI score 6.7 · EPSS 0.0027
Exploits: 0 · References: 1
Veracode
added 2025/07/28 8:52 a.m. · 2 views

Cross-Site Scripting (XSS)

aim is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the lack of sanitization or sandboxing in the /api/reports endpoint, which allows an attacker to execute arbitrary JavaScript in victims' browsers through malicious Python code interpreted by pyodide.code.runjs when the...

CVSS 8.8 · AI score 6.4 · EPSS 0.01878
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2025/07/28 8:33 a.m. · 2 views

CVE-2025-27800 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard

The Episerver Content Management System CMS by Optimizely was affected by multiple Stored Cross-Site Scripting XSS vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to...

CVSS 4.8 · AI score 5.4 · EPSS 0.00218
Exploits: 1 · References: 3
RedhatCVE
added 2025/07/28 4:32 a.m. · 10 views

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

CVSS 5.1 · AI score 7.9 · EPSS 0.00277
Exploits: 0 · References: 1
Positive Technologies
added 2025/07/28 12:0 a.m. · 3 views

PT-2025-31104 · Meddream · Meddream Pacs Premium

Name of the Vulnerable Software and Affected Versions: meddream MedDream PACS Premium version 7.3.5.860 Description: A reflected cross-site scripting xss vulnerability exists in the radiationDoseReport.php functionality. A specially crafted URL can lead to arbitrary javascript code execution. An...

CVSS 6.1 · AI score 6.5 · EPSS 0.00318
Exploits: 1 · References: 4
Positive Technologies
added 2025/07/28 12:0 a.m. · 3 views

PT-2025-31063 · Vox Media · Horus Cms

Name of the Vulnerable Software and Affected Versions: Vox Media Chorus CMS affected versions not specified Description: An HTML injection issue exists in Vox Media’s Chorus CMS. An attacker can execute JavaScript code in a victim’s browser by sending a malicious URL utilizing the q parameter in...

CVSS 4.8 · AI score 6.5 · EPSS 0.0027
Exploits: 0 · References: 4
Talos
added 2025/07/28 12:0 a.m. · 4 views

MedDream PACS Premium radiationDoseReport.php reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2176 MedDream PACS Premium radiationDoseReport.php reflected cross-site scripting XSS vulnerability July 28, 2025 CVE Number CVE-2025-32731 SUMMARY A reflected cross-site scripting xss vulnerability exists in the radiationDoseReport.php functionality of...

CVSS 6.1 · AI score 5.7 · EPSS 0.00318
Exploits: 1
RedhatCVE
added 2025/07/27 12:20 a.m. · 7 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

CVSS 8.8 · AI score 6.1 · EPSS 0.00339
Exploits: 0 · References: 1
RedhatCVE
added 2025/07/26 3:25 p.m. · 4 views

CVE-2025-53084

A cross-site scripting xss vulnerability exists in the videosList page parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabili...

CVSS 9 · AI score 6.7 · EPSS 0.00367
Exploits: 1 · References: 1
RedhatCVE
added 2025/07/26 3:25 p.m. · 3 views

CVE-2025-50128

A cross-site scripting xss vulnerability exists in the videoNotFound 404ErrorMsg parameter functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...

CVSS 9.6 · AI score 6.7 · EPSS 0.00475
Exploits: 1 · References: 1
NVD
added 2025/07/26 4:16 a.m. · 8 views

CVE-2025-54414

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

CVSS 5.1 · EPSS 0.00277
Exploits: 0 · References: 3
OSV
added 2025/07/26 3:30 a.m. · 6 views

CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

CVSS 5.1 · AI score 7.3 · EPSS 0.00277
Exploits: 0 · References: 5
Cvelist
added 2025/07/26 3:30 a.m. · 17 views

CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons

Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...

CVSS 5.1 · EPSS 0.00277
Exploits: 0 · References: 3
CNNVD
added 2025/07/26 12:0 a.m. · 4 views

Anubis security vulnerability

Anubis is a tool for Xe Iaso Individual Developers. A security vulnerability exists in Anubis 1.21.2 and earlier versions that originates from a malicious pass-challenge page could lead to the execution of arbitrary JavaScript code...

CVSS 5.1 · AI score 6.6 · EPSS 0.00277
Exploits: 0 · References: 4
NVD
added 2025/07/25 3:15 p.m. · 3 views

CVE-2025-52360

A Cross-Site Scripting XSS vulnerability exists in the OPAC search feature of Koha Library Management System v24.05. Unsanitized input entered in the search field is reflected in the search history interface, leading to the execution of arbitrary JavaScript in the browser context when the user...

CVSS 8.8 · EPSS 0.00339
Exploits: 0 · References: 1