5912 matches found

GitHub Security Blog
added 2025/07/21 2:8 p.m. · 6 views

Cadwyn vulnerable to XSS on the docs page

Summary: The version parameter of the /docs endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack. PoC: 1. Set up a minimal app following the quickstart guide: https://docs.cadwyn.dev/quickstart/setup/ 2. Click on the following PoC link:...

CVSS 7.6 · AI score 6.3 · EPSS 0.00235
Exploits: 0 · References: 6 · Affected Software: 1

Tenable Nessus
added 2025/07/18 12:0 a.m. · 16 views

IBM Engineering Requirements Management DOORS 9.7.2.9 < 9.7.2.10 Multiple Vulnerabilities (7238992)

The version of IBM Engineering Requirements Management DOORS (formerly IBM Rational DOORS) installed on the remote host is 9.7.2.9 prior to 9.7.2.10. It is, therefore, affected by multiple vulnerabilities as referenced in the 7238992 advisory. - CKEditor4 is an open source WYSIWYG HTML editor. In...

CVSS 9.8 · AI score 7.1 · EPSS 0.92712
Exploits: 19 · References: 40

Veracode
added 2025/07/17 5:10 a.m. · 2 views

Cross-Site Scripting (XSS)

ag-grid is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of grid contents, which allows an attacker to execute arbitrary JavaScript when user input is rendered in the grid...

AI score 6.8
Exploits: 0

Vulnrichment
added 2025/07/16 2:21 p.m. · 4 views

CVE-2025-53925 Emlog has Stored Cross-site Scripting vulnerability in file upload functionality

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .s...

CVSS 5.4 · AI score 5.8 · EPSS 0.00106
Exploits: 1 · References: 1

Positive Technologies
added 2025/07/15 12:0 a.m. · 2 views

PT-2025-29543 · Unknown · Pharmacy Pos Php Script

Name of the Vulnerable Software and Affected Versions: Pharmacy POS PHP Script affected versions not specified Description: A stored Cross-Site Scripting (XSS) issue exists in Pharmacy POS PHP Script. Successful exploitation allows an attacker to execute JavaScript code in a victim’s browser. This ...

CVSS 5.1 · AI score 5.5 · EPSS 0.0027
Exploits: 0 · References: 6

RedhatCVE
added 2025/07/12 12:28 a.m. · 7 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

CVSS 6.1 · AI score 5.7 · EPSS 0.00223
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/11 12:25 a.m. · 5 views

CVE-2025-52357

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's web interface. The vulnerability is triggered via user-supplied...

CVSS 4.1 · AI score 6.2 · EPSS 0.00155
Exploits: 2 · References: 1

GitHub Security Blog
added 2025/07/10 5:43 p.m. · 3 views

@pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation

Summary: The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. Details: 1. Sandbox Escape Leading to XSS: The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.9 · EPSS 0.00075
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2025/07/10 5:43 p.m. · 1 views

GHSA-54XV-94QV-2GFG @pdfme/common vulnerable to XSS and Prototype Pollution through its expression evaluation

Summary: The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. Details: 1. Sandbox Escape Leading to XSS: The expression evaluator's sandbox can be bypassed to execute arbitrary JavaScript...

CVSS 6.1 · AI score 6.5 · EPSS 0.00075
Exploits: 0 · References: 6

RedhatCVE
added 2025/07/10 12:23 p.m. · 6 views

CVE-2025-40720

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...

CVSS 5.1 · AI score 5.7 · EPSS 0.00167
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/10 12:23 p.m. · 3 views

CVE-2025-40719

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idconcesion parameter in /FacturaE/VerFacturaPDF...

CVSS 5.1 · AI score 5.7 · EPSS 0.00167
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/10 12:23 p.m. · 6 views

CVE-2025-40721

Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the idfactura parameter in /FacturaE/listadofacturasficha.jsp...

CVSS 5.1 · AI score 5.7 · EPSS 0.00129
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/10 12:0 a.m. · 2 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

AI score 6.1 · EPSS 0.00223
Exploits: 0 · References: 3

Cvelist
added 2025/07/10 12:0 a.m. · 7 views

CVE-2025-45662

A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...

EPSS 0.00223
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/10 12:0 a.m. · 3 views

PT-2025-29149 · Unknown · Mpgram-Web

Name of the Vulnerable Software and Affected Versions: mpgram-web commit 94baadb Description: A cross-site scripting (XSS) issue exists in the /master/login.php component. This allows attackers to execute arbitrary Javascript in the context of a user's browser using a crafted payload...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits: 0 · References: 6

CVE
added 2025/07/10 12:0 a.m. · 21 views

CVE-2025-45662

CVE-2025-45662 affects mpgram-web (commit 94baadb) with a vulnerability in /master/login.php enabling cross-site scripting (XSS). An attacker can inject arbitrary Javascript in the victim’s browser. Documented impact: JavaScript execution in user context; CVSSv3.1 base score 6.1 (Medium) with net...

CVSS 6.1 · AI score 5.8 · EPSS 0.00223
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2025/07/10 12:0 a.m. · 1 views

MPGram Web Cross-Site Scripting Vulnerability

MPGram Web is a lightweight Telegram-based web client from the individual developer Arman Jussupgaliyev. MPGram Web suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting attack in which an attacker can execute arbitrary Javascript in the contex...

CVSS 6.1 · AI score 6.4 · EPSS 0.00223
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/09 3:14 p.m. · 3 views

CVE-2025-53486

The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...

CVSS 5.4 · AI score 6 · EPSS 0.0021
Exploits: 0 · References: 1

Vulnrichment
added 2025/07/09 12:0 a.m. · 3 views

CVE-2025-52357

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router firmware V2.2.14, allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router's web interface. The vulnerability is triggered via user-supplied...

AI score 6.1 · EPSS 0.00155
Exploits: 2 · References: 2

Vulnrichment
added 2025/07/08 9:40 p.m. · 3 views

CVE-2025-49547 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 · AI score 5.8 · EPSS 0.00172
Exploits: 0 · References: 1