5922 matches found
CVE-2022-42449 HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2022-42449
CVE-2022-42449 affects HCL Domino Volt. The root cause is an unsafe default file-type filtering policy that allows uploading .html files, enabling execution of unsafe JavaScript in deployed applications. Documents consistently describe the issue but do not provide a confirmed patch version or rem...
CVE-2022-27562
CVE-2022-27562 is reported across multiple sources as a vulnerability in HCL Domino Volt caused by an unsafe default file-type filtering policy. This policy allows uploading of .html files and the execution of unsafe JavaScript in deployed applications, without a publicly documented fix in the co...
CVE-2022-27562 HCL Domino Volt is affected by an unrestricted upload of a dangerous file type
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
CVE-2025-46558
XWiki Contrib's Syntax Markdown allows importing Markdown content into wiki pages and creating wiki content in Markdown. In versions starting from 8.2 to before 8.9, the Markdown syntax is vulnerable to cross-site scripting (XSS) through HTML. In particular, using Markdown syntax, it's possible for...
GHSA-8G2J-RHFH-HQ3R org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content
Impact: The Markdown syntax is vulnerable to XSS through HTML. In particular, using Markdown syntax, it's possible for any user to embed JavaScript code that will then be executed on the browser of any other user visiting either the document or the comment that contains it. In the instance that th...
PT-2025-18331 · Hcl · Hcl Domino Volt
Name of the Vulnerable Software and Affected Versions: HCL Domino Volt (affected versions not specified). Description: The issue concerns an unsafe default file type filter policy that allows the upload of .html files, leading to the execution of unsafe JavaScript in deployed applications. This coul...
CVE-2025-40616
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40615
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
CVE-2025-40616 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "IDRESERVA" parameter in /bkgimprimircomprobante.php...
CVE-2025-40616
Bookgy’s CVE-2025-40616 is a reflected XSS in the IDRESERVA parameter of /bkg_imprimir_comprobante.php. The vulnerability arises from unsanitized input reflected in the response, allowing an attacker to execute JavaScript in the victim’s browser. Connected sources confirm the issue but do not spe...
CVE-2025-40615 Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy
Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the "TEXTO" parameter in /api/apiajustes.php...
YesWiki Stored XSS Vulnerability in Comments
Summary: A stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the showUploadForm method; any malicious unauthenticated user can create a link that can be clicked on in the victim context to perform arbitrary actions. An attacker can execute arbitrary JavaScript code by...
CVE-2025-3929
CVE-2025-3929 concerns the MDaemon Email Server (versions 25.0.1 and below). The issue is a stored XSS vulnerability where an attacker can send a specially crafted HTML email containing JavaScript in an img tag. When viewed in a webmail client, this could execute arbitrary JavaScript in the user’...
CVE-2025-46338 Audiobookshelf Vulnerable to Cross-Site-Scripting Reflected via POST Request in /api/upload
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the /api/upload endpoint allows an attacker to perform a reflected cross-site scripting (XSS) attack by submitting malicious payloads in the libraryId field. The...
PT-2025-18174 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy (affected versions not specified). Description: A Reflected Cross-Site Scripting (XSS) issue exists, allowing an attacker to execute JavaScript code in a victim's browser. This is achieved by sending a malicious URL through the IDRESERVA...
CVE-2025-3706
The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks...