Lucene search
K

5968 matches found

NVD
NVD
added 2025/04/22 6:16 p.m.11 views

CVE-2025-32961

The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name...

6.4CVSS0.00262EPSS
Exploits0References4
NVD
NVD
added 2025/04/22 6:15 p.m.10 views

CVE-2025-32951

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

6.4CVSS0.00291EPSS
Exploits0References9
OSV
OSV
added 2025/04/22 5:45 p.m.11 views

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

6.4CVSS6.6AI score0.00262EPSS
Exploits0References7
OSV
OSV
added 2025/04/22 5:32 p.m.5 views

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

6.4CVSS6.6AI score0.00291EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2025/04/22 5:32 p.m.5 views

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

6.4CVSS7.1AI score0.00291EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.7 views

PT-2025-17576 · Unknown · Cuba Rest Api Add-On

Name of the Vulnerable Software and Affected Versions: CUBA REST API add-on versions prior to 7.2.7 Description: The issue allows malicious JavaScript code to be executed in the browser by manipulating the input parameter, which consists of a file path and name, to return the Content-Type header...

6.4CVSS6.2AI score0.00291EPSS
Exploits0References24
Positive Technologies
Positive Technologies
added 2025/04/22 12:0 a.m.7 views

PT-2025-17577 · Cuba Jpa · Cuba Jpa

Name of the Vulnerable Software and Affected Versions: Cuba JPA versions prior to 1.1.1 Description: The Cuba JPA web API allows loading and saving entities defined in the application data model through simple HTTP requests. Prior to version 1.1.1, the input parameter, which includes a file path...

6.4CVSS6.3AI score0.00262EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/04/22 12:0 a.m.3 views

CUBA REST API Add-on 跨站脚本漏洞

CUBA REST API Add-on is a general-purpose REST API open-sourced by CUBA Platform. A cross-site scripting vulnerability exists in CUBA REST API Add-on versions prior to 7.2.7, which stems from improper file path manipulation and could lead to malicious JavaScript execution...

6.4CVSS5.8AI score0.00262EPSS
Exploits0References5
CVE
CVE
added 2025/04/18 4:4 p.m.71 views

CVE-2025-32792

CVE-2025-32792 affects SES’s isolation in the Compartment API. Before 1.12.0, web pages/extensions that used top-level const/let/class bindings in scripts could leak those bindings into the lexical scope of evaluated third-party code. The issue is fixed in SES 1.12.0; mitigations include avoiding...

8.7CVSS7AI score0.00443EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/18 12:0 a.m.2 views

TP-LINK TL-WR841N 安全漏洞

TP-LINK TL-WR841N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR841N v14/v14.6/v14.8 Build 241230 Rel. 50788n and prior versions, which originates from the presence of stored cross-site scripting on the upnp.htm page, which could lead to the executio...

8.6CVSS6.1AI score0.00565EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/04/17 12:0 a.m.9 views

RabbitMQ 3.8.x < 3.8.17 XSS

The version of RabbitMQ installed on the remote host is 3.8.x prior to 3.8.17. It is, therefore, affected by a cross-site scripting vulnerability: - In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation...

5.4CVSS5.9AI score0.01437EPSS
Exploits1References2
Veracode
Veracode
added 2025/04/16 6:15 a.m.6 views

Arbitrary Code Execution (ACE)

Tarteaucitron.js is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to insufficient URL validation, allowing a user with high privileges to input a URL with an insecure scheme, such as javascript:alert, which could lead to arbitrary JavaScript execution when clicked...

4.8CVSS7.1AI score0.00307EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/04/16 12:0 a.m.25 views

The vulnerability of the E-Staff automated recruitment process system, related to errors in data filtering during object updates, allows a perpetrator to execute arbitrary JavaScript code.

The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering during object updates. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

9.9CVSS5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/11 12:12 a.m.11 views

CVE-2025-30292

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

6.1CVSS5.8AI score0.12031EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2025/04/11 12:0 a.m.319 views

📄 Roundcube 1.6.6 Cross Site Scripting

Roundcube mail server versions earlier than 1.5.6 and 1.6 through 1.6.6 suffer from a persistent cross site scripting vulnerability. Exploit Title: Roundcube mail server exploit for CVE-2024-37383 Stored XSS Google Dork: Exploit Author: AmirZargham Vendor Homepage: Roundcube - Free and Open Sourc...

6.1CVSS6.5AI score0.73296EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/04/10 3:58 a.m.7 views

CVE-2025-31476

tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...

4.8CVSS7AI score0.00307EPSS
Exploits0References1
NVD
NVD
added 2025/04/09 4:15 p.m.15 views

CVE-2025-32379

Koa is expressive middleware for Node.js using ES2017 async functions. In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. This issue is patched in 2.16.1 and 3.0.0-alpha.5...

6.1CVSS0.00228EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/09 1:0 p.m.9 views

Koajs vulnerable to Cross-Site Scripting (XSS) at ctx.redirect() function

Summary In koa 2.16.1 and 3.0.0-alpha.5, passing untrusted user input to ctx.redirect even after sanitizing it, may execute javascript code on the user who use the app. Patches This issue is patched in 2.16.1 and 3.0.0-alpha.5. PoC Coming soon... Impact 1. Redirect user to another phishing site 2...

6.1CVSS5.1AI score0.00228EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.3 views

PT-2025-15755

Name of the Vulnerable Software and Affected Versions: Koa versions prior to 2.16.1 Koa versions prior to 3.0.0-alpha.5 Description: The issue arises when passing untrusted user input to ctx.redirect, which can execute JavaScript code on the user's device, even after sanitizing the input...

5CVSS6.5AI score0.00228EPSS
Exploits0References8
NVD
NVD
added 2025/04/08 8:15 p.m.22 views

CVE-2025-30292

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

6.1CVSS0.12031EPSS
Exploits0References1
Rows per page
Query Builder