5913 matches found

SUSE Linux
added 2025/06/30 7:15 a.m. · 1 view

Security update for yelp

This update for yelp fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 · AI score 7.9 · EPSS 0.01309
Exploits: 1 · References: 4

SUSE Linux
added 2025/06/30 7:15 a.m. · 1 view

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 · AI score 7.9 · EPSS 0.01309
Exploits: 1 · References: 4

OSV
added 2025/06/30 7:15 a.m. · 2 views

SUSE-SU-2025:02168-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688)...

CVSS 7.4 · AI score 7.4 · EPSS 0.01309
Exploits: 1 · References: 3

Positive Technologies
added 2025/06/30 12:00 a.m. · 2 views

PT-2025-27426 · Unknown · Daily Expense Manager

Name of the Vulnerable Software and Affected Versions: Daily Expense Manager version 1.0 Description: The issue is a Reflected Cross-Site Scripting (XSS) vulnerability that allows an attacker to execute JavaScript code. This is achieved by sending a POST request through the password and confirm...

CVSS 6.1 · AI score 6 · EPSS 0.00167
Exploits: 0 · References: 4

BDU FSTEC
added 2025/06/30 12:00 a.m. · 2 views

The vulnerability in the online business analytics web interface of IBM Cognos Analytics allows a perpetrator to execute arbitrary JavaScript code and expose account information.

The vulnerability of the online business analytics web interface of IBM Cognos Analytics relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and disclose user credentials...

CVSS 5.5 · AI score 6.7 · EPSS 0.00131
Exploits: 0 · References: 2

RedhatCVE
added 2025/06/28 3:17 p.m. · 3 views

CVE-2025-52902

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a...

CVSS 7.6 · AI score 7 · EPSS 0.00105
Exploits: 1 · References: 1

Tenable Nessus
added 2025/06/28 12:00 a.m. · 2 views

SUSE SLES12 Security Update : yelp-xsl (SUSE-SU-2025:02153-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02153-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Tenable has...

CVSS 7.4 · AI score 8 · EPSS 0.01309
Exploits: 1 · References: 4

SUSE Linux
added 2025/06/27 7:51 a.m. · 2 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 6.9 · AI score 7.9 · EPSS 0.01309
Exploits: 1 · References: 4

OSV
added 2025/06/27 7:51 a.m. · 1 view

SUSE-SU-2025:02153-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs (bsc#1240688)...

CVSS 7.4 · AI score 7.4 · EPSS 0.01309
Exploits: 1 · References: 3

RedhatCVE
added 2025/06/25 9:56 p.m. · 5 views

CVE-2025-52561

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVSS 6.9 · AI score 5.7 · EPSS 0.00554
Exploits: 0 · References: 1

Snyk
added 2025/06/24 4:57 a.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the pdfjs-1.4.20 component under public/plugins/. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious scripts into PDF files rendered by the...

CVSS 6.9 · AI score 5.4 · EPSS 0.00253
Exploits: 0 · References: 2

CVE
added 2025/06/24 3:48 a.m. · 23 views

CVE-2025-47943

CVE-2025-47943 affects Gogs (self-hosted Git service). The vulnerability is a stored XSS in the PDF rendering path, caused by an outdated pdfjs-1.4.20 component located under public/plugins/. Affected versions are 0.14.0+dev and prior. The issue has been fixed in gogs.io/gogs with version 0.13.3 ...

CVSS 6.3 · AI score 6.2 · EPSS 0.00253
Exploits: 0 · References: 4

NVD
added 2025/06/24 1:15 a.m. · 4 views

CVE-2025-34032

A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

CVSS 6.1 · EPSS 0.0013
Exploits: 1 · References: 3

Positive Technologies
added 2025/06/24 12:00 a.m. · 3 views

PT-2025-26659 · Moodle · Moodle Lms Jmol Plugin

Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A reflected cross-site scripting (XSS) issue exists due to the application's failure to properly sanitize user input before embedding it into the HTTP response. This allows an attacker ...

CVSS 6.1 · AI score 5.8 · EPSS 0.0013
Exploits: 1 · References: 8

NVD
added 2025/06/23 9:15 p.m. · 4 views

CVE-2025-52561

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVSS 6.9 · EPSS 0.00554
Exploits: 0 · References: 3

Cvelist
added 2025/06/23 9:00 p.m. · 5 views

CVE-2025-52561 HTMLSanitizer.jl Possible XSS

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVSS 6.9 · EPSS 0.00554
Exploits: 0 · References: 3

OSV
added 2025/06/23 9:00 p.m. · 3 views

CVE-2025-52561 HTMLSanitizer.jl Possible XSS

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVSS 6.9 · AI score 6.2 · EPSS 0.00554
Exploits: 0 · References: 5

Vulnrichment
added 2025/06/23 9:00 p.m. · 2 views

CVE-2025-52561 HTMLSanitizer.jl Possible XSS

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVSS 6.9 · AI score 6.2 · EPSS 0.00554
Exploits: 0 · References: 3

ATTACKERKB
added 2025/06/23 3:15 p.m. · 1 view

CVE-2025-48700

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

CVSS 6.1 · AI score 6.1 · EPSS 0.18191
Exploits: 0 · References: 4

NVD
added 2025/06/23 3:15 p.m. · 3 views

CVE-2025-48700

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...

CVSS 6.1 · EPSS 0.18191
Exploits: 0 · References: 4