F5 BIG-IP cross-site scripting vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and...
PT-2025-5741 · F5 · Big-Ip Configuration Utility
Name of the Vulnerable Software and Affected Versions: BIG-IP Configuration utility (affected versions not specified). Description: A stored cross-site scripting (XSS) issue exists in an undisclosed page of the BIG-IP Configuration utility, allowing an attacker to run JavaScript in the context of the...
CVE-2024-53966 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-22602
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest...
CVE-2024-56328
CVE-2024-56328 affects Discourse (onebox URL handling). An attacker can cause the execution of arbitrary JavaScript in a user’s browser by posting a maliciously crafted onebox URL, with impact on sites where CSP is disabled. The root cause is the Onebox URL processing in Discourse that allows inl...
CVE-2024-56328 HTMLi (XSS without CSP) via Onebox URLs in Discourse
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox URL. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...
CVE-2025-22602
Discourse vulnerability CVE-2025-22602: Stored DOM-based XSS via video placeholders in Discourse posts can allow arbitrary JavaScript execution in users’ browsers when CSP is disabled. Descriptions across multiple sources confirm the issue is triggered by a malicious video placeholder HTML elemen...
CVE-2025-1015
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...
CVE-2025-1015 Unsanitized address book fields
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...
Thunderbird -- unprivileged JavaScript code execution
[email protected] reports: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the Other field of the Instant Messaging section. If another user...
PT-2025-4849 · Phpoffice · Phpspreadsheet
Name of the Vulnerable Software and Affected Versions: phpoffice/phpspreadsheet versions prior to 1.29.9; phpoffice/phpspreadsheet versions prior to 2.1.8; phpoffice/phpspreadsheet versions prior to 2.3.7; phpoffice/phpspreadsheet versions prior to 3.9.0. Description: The issue is related to a bypass...
CVE-2024-53943
CVE-2024-53943 affects NRadio N8-180 NROS-1.9.2.n3.c5. The endpoint "/cgi-bin/luci/nradio/basic/radio" is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to inject JavaScript into the SSID field that runs in the admin’s browser when they log in. Documented impact...
GHSA-MM49-4F2G-C3WF DevDojo Voyager vulnerable to reflected Cross-site Scripting
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user into clicking a link, arbitrary JavaScript can be executed...
CVE-2024-55416
Summary: CVE-2024-55416 affects DevDojo Voyager up to version 1.8.0. The issue is a reflected Cross-Site Scripting (XSS) vulnerability triggered via the /admin/compass endpoint, requiring an authenticated user to click a crafted link. The attack can execute arbitrary JavaScript in the administrat...
CVE-2024-55416
DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user into clicking a link, arbitrary JavaScript can be executed...
Whatsup Gold, Observium and Offis vulnerabilities
Cisco Talos' Vulnerability Research team recently disclosed three vulnerabilities in Observium, three vulnerabilities in Offis, and four vulnerabilities in Whatsup Gold. These vulnerabilities exist in Observium, a network observation and monitoring system; Offis DCMTK, a collection of libraries a...
Cross-Site Scripting (XSS)
phpmyadmin/phpmyadmin is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in table or database names within the check tables feature, allowing an attacker to execute arbitrary JavaScript in the victim's browser...