
5922 matches found

Cvelist
added 2025/03/28 10:49 a.m., 18 views

CVE-2025-2869 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manageuser.php...

4.8 CVSS, 0.00527 EPSS
Exploits: 0, References: 1
CVE
added 2025/03/28 10:49 a.m., 44 views

CVE-2025-2869

CVE-2025-2869 is a reflected XSS vulnerability in Clinic Queuing System version 1.0. The issue arises from the id parameter in /manage_user.php, allowing an attacker to inject JavaScript that executes in a victim’s browser when the URL is viewed. Connected sources corroborate a reflective XSS pat...

6.1 CVSS, 6.1 AI score, 0.00527 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2025/03/28 10:48 a.m., 47 views

CVE-2025-2868

The CVE-2025-2868 entry describes a Reflected XSS in Clinic Queuing System version 1.0. The vulnerability allows an attacker to execute JavaScript in a victim’s browser by supplying a malicious URL to the page parameter in /index.php. Affected software is the Clinic Queuing System (v1.0). The pro...

6.1 CVSS, 6.1 AI score, 0.00429 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/03/28 10:48 a.m., 16 views

CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

4.8 CVSS, 0.00429 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/03/28 10:48 a.m., 7 views

CVE-2025-2868 Reflected Cross-Site Scripting (XSS) vulnerability in Clinic Queuing System

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php...

4.8 CVSS, 6.1 AI score, 0.00429 EPSS
Exploits: 0, References: 1
Snyk
added 2025/03/27 6:00 p.m., 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:vega-functions provides custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the RegExp.prototype[@@replace] method. An attacker can execute arbitrary JavaScript code by manipulating the input to...

6.1 CVSS, 5.5 AI score, 0.00468 EPSS
Exploits: 0, References: 2
NVD
added 2025/03/27 2:15 p.m., 11 views

CVE-2025-27793

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...

5.3 CVSS, 0.00468 EPSS
Exploits: 0, References: 4
NVD
added 2025/03/27 2:15 p.m., 7 views

CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1 CVSS, 0.00417 EPSS
Exploits: 1, References: 4
OSV
added 2025/03/27 2:07 p.m., 8 views

CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...

5.3 CVSS, 6.5 AI score, 0.00468 EPSS
Exploits: 0, References: 6
CVE
added 2025/03/27 2:07 p.m., 57 views

CVE-2025-27793

Vega (visualization grammar) and the related Vega-lite JSON workflow are affected by CVE-2025-27793. In Vega versions prior to 5.32.0 (and vega-functions prior to 5.17.0), processing Vega/Vega-lite JSON could cause execution of unintended JavaScript unless the library is used with the vega-interp...

5.3 CVSS, 7 AI score, 0.00468 EPSS
Exploits: 0, References: 4
NVD
added 2025/03/27 4:15 a.m., 6 views

CVE-2025-31165

Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

6.9 CVSS, 0.00216 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/03/27 4:00 a.m., 12 views

CVE-2025-31165 Cross Site Scripting in NightWolf Penetration Platform

Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

6.9 CVSS, 0.00216 EPSS
Exploits: 0, References: 1
CVE
added 2025/03/27 4:00 a.m., 48 views

CVE-2025-31165

CVE-2025-31165 is an XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2, specifically through the markdown editor feature. The description states that attackers can execute JavaScript via this editor. The CVSS metrics included indicate a base score of 6.9 (Me...

6.9 CVSS, 5.7 AI score, 0.00216 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/03/27 4:00 a.m., 2 views

CVE-2025-31165 Cross Site Scripting in NightWolf Penetration Platform

Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

6.9 CVSS, 5.6 AI score, 0.00216 EPSS
Exploits: 0, References: 1
Veracode
added 2025/03/27 2:47 a.m., 8 views

Cross-site Scripting (XSS)

AgentScope is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper handling of user input, where the run ID is rendered as HTML without proper sanitization, allowing an attacker to execute arbitrary JavaScript in the user's browser...

6.1 CVSS, 7 AI score, 0.00167 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2025/03/27 12:00 a.m., 1 view

NightWolf Penetration Testing Platform Cross-Site Scripting Vulnerability

NightWolf Penetration Testing Platform is an open source cybersecurity testing tool from NightWolf designed for red teams and penetration testers for vulnerability exploitation, elevation of privilege and lateral movement testing. A security vulnerability exists in NightWolf Penetration Testing...

6.9 CVSS, 7.4 AI score, 0.00216 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/03/27 12:00 a.m., 2 views

Vega Security Vulnerability

Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. A security vulnerability exists in Vega versions prior to 5.32.0...

5.3 CVSS, 6.3 AI score, 0.00468 EPSS
Exploits: 0, References: 2
OSV
added 2025/03/26 4:15 p.m., 0 views

UBUNTU-CVE-2025-27405

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows embedding arbitrary JavaScript into Icinga Web and acting on behalf of tha...

7.6 CVSS, 5.9 AI score, 0.00198 EPSS
Exploits: 0, References: 4
OSV
added 2025/03/25 11:15 p.m., 2 views

AZL-59276 CVE-2025-30219 affecting package rabbitmq-server for versions less than 3.11.24-3

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify the virtual host name on disk and then make it unrecoverable with other on-disk file modifications, which can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS, 6.3 AI score, 0.00023 EPSS
Exploits: 0, References: 1
OSV
added 2025/03/25 10:55 p.m., 10 views

CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify the virtual host name on disk and then make it unrecoverable with other on-disk file modifications, which can lead to arbitrary JavaScript code execution in the browsers of...

6.1 CVSS, 6.2 AI score, 0.00023 EPSS
Exploits: 0, References: 3