Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15862)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15868)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15867)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15864)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-15863)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2024-55878

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

GHSA-X6MH-RJWM-8PH7 Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx

Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.12 Workarounds Don't use direct publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev...

Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx

Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.12 Workarounds Don't use direct publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev...

CVE-2024-55878 Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx

SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct...

CVE-2024-47947

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

CVE-2024-36498 Stored cross site scripting

Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...

PT-2024-36597 · Unknown · Simplexlsx

Name of the Vulnerable Software and Affected Versions: SimpleXLSX versions 1.0.12 through 1.1.12 Description: The issue allows for the execution of arbitrary JavaScript code when calling the extended toHTMLEx method. This can be exploited in versions prior to 1.1.12. The estimated number of...

CVE-2024-53274

Habitica (open‑source habit builder) is affected by CVE-2024-53274. The vulnerability is a reflected XSS in the /home context via the register function in home.vue, caused by an insufficient sanitization function. An attacker can abuse a malicious redirectTo parameter to execute arbitrary JavaScr...

CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...

CVE-2024-53274 GHSL-2024-111: Reflected XSS in /home in habitica

Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The register function in home.vue containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious redirectTo parameter...

Numerix License Server 安全漏洞

Numerix License Server is a license server from Numerix, Inc. A security vulnerability exists in Numerix License Server version 1.1596, which originates from a user clicking on a malicious link or visiting an attacker-controlled Web site can be infected with arbitrary JavaScript running in the...

CVE-2024-52992

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-52993

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-52862

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-52864

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...