CVE-2025-40719
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id_concesion parameter in /FacturaE/VerFacturaPDF...
CVE-2025-40720
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...
CVE-2025-40721 Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id_factura parameter in /FacturaE/listado_facturas_ficha.jsp...
CVE-2025-40721
Summary of the CVE-2025-40721 details: Quiter Gateway (versions prior to 4.7.0) is affected by a reflected XSS vulnerability. The issue arises from user-supplied input in the id_factura parameter passed to the endpoint /FacturaE/listado_facturas_ficha.jsp, allowing an attacker to inject and execu...
CVE-2025-40720 Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...
CVE-2025-40720
Summary of CVE-2025-40720 : A reflected XSS in Quiter Gateway (versions prior to 4.7.0) where an attacker can inject JavaScript via the campo parameter in the endpoint path /FacturaE/VerFacturaPDF. Affected product: Quiter Gateway (Quieter) V4.x before 4.7.0. Root cause: unsanitized/reflected inp...
CVE-2025-40719 Reflected Cross-site Scripting (XSS) vulnerability in Quiter Gateway
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id_concesion parameter in /FacturaE/VerFacturaPDF...
CVE-2025-40719
CVE-2025-40719 affects Quiter Gateway, with vulnerable versions prior to 4.7.0. The underlying issue is a Reflected XSS in the id_concesion parameter of the endpoint “/FacturaE/VerFacturaPDF,” allowing an attacker to execute JavaScript in the victim’s browser. Public sources consistently identify...
PT-2025-28415 · Unknown · Quiter Gateway
Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0. Description: The issue is a Reflected Cross-site Scripting (XSS) vulnerability that allows an attacker to execute JavaScript code in the victim's browser. This is achieved by sending a malicious URL throug...
PT-2025-28416 · Unknown · Quiter Gateway
Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0. Description: A Reflected Cross-site Scripting (XSS) issue allows an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL through the id_factura parameter i...
PT-2025-28747 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier. Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable form fields...
CVE-2025-53486
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...
CVE-2025-53486 WikiCategoryTagCloud: Reflected Cross-Site Scripting (XSS) via linkstyle attribute in parser function
The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers such as onmouseenter using carefully crafted input via the tag:tagcloud parser...
CVE-2025-53486
CVE-2025-53486 affects MediaWiki WikiCategoryTagCloud extension via reflected XSS in the linkstyle attribute. The issue arises because the value is passed through Sanitizer::checkCss() (which does not escape HTML) and concatenated into a style attribute instead of using proper HTML element creati...
CVE-2025-4779
lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the v1/runs/ingest endpoint by adding an empty citations field, triggering a code path where dangerouslySetInnerHTML is used to render...
webkitgtk: arbitrary javascript code execution
A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary JavaScript code execution...