webkitgtk: arbitrary javascript code execution
A vulnerability was found in WebKit. This flaw allows a remote attacker to cause arbitrary JavaScript code execution...
webkitgtk: attacker with JavaScript execution may be able to execute arbitrary code
A flaw was found in WebKitGTK. An attacker may be able to execute JavaScript code to trigger Remote Code Execution, resulting in a high impact on data confidentiality, integrity, and system availability...
SUSE CVE-2025-48495
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...
CVE-2025-53599
CVE-2025-53599 affects Whale browser for iOS prior to 3.9.1.4206. The issue arises from a crafted JavaScript scheme that enables an attacker to execute malicious scripts in the browser. Affected software is Whale on iOS; root cause is exploitation via a specific JavaScript scheme. Impact, per ava...
Citizen Short Description stored XSS vulnerability through wikitext
Summary: Short descriptions are not properly sanitized by the ShortDescription extension before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details: The description provided by the user via the SHORTDESC: parser function is...
GHSA-P85Q-MWW9-GWQF Citizen Short Description stored XSS vulnerability through wikitext
Summary: Short descriptions are not properly sanitized by the ShortDescription extension before being inserted as HTML using mw.util.addSubtitle, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details: The description provided by the user via the SHORTDESC: parser function is...
Citizen vulnerable to Stored XSS through short descriptions
Summary: Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details: The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...
GHSA-PRMV-7R8C-794G Citizen vulnerable to Stored XSS through short descriptions
Summary: Short descriptions set via the ShortDescription extension are inserted as raw HTML by the Citizen skin, allowing any user to insert arbitrary HTML into the DOM by editing a page. Details: The shortdesc property, which contains unsanitized user input, is retrieved from the OutputPage and...
Cross-site Scripting (XSS)
github.com/gogs/gogs is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the inclusion of an outdated version of pdfjs v1.4.20 that allows client-side JavaScript execution...
CVE-2025-40733
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
Stored Cross-site Scripting (XSS)
File Browser is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of Markdown content, allowing JavaScript code in uploaded Markdown files to be executed by the browser...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : yelp (SUSE-SU-2025:02170-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02170-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files...
CVE-2025-40734
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40734 Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirmpassword parameters in /register.php...
CVE-2025-40733
CVE-2025-40733 is a reflected XSS vulnerability in Daily Expense Manager v1.0. The issue arises from insufficient filtering/escaping of user-supplied data in the POST parameter username of /login.php, allowing an attacker to execute JavaScript when a user interacts with the login flow. Multiple s...
CVE-2025-40733 Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php...
SUSE-SU-2025:02170-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688)...
SUSE-SU-2025:02169-1 Security update for yelp
This update for yelp fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688)...