5006 matches found
PT-2025-31203 · Logic +1 · Logic +1
Name of the Vulnerable Software and Affected Versions: Vivaldi United Group iCONTROL+ Server versions 4.7.8.0.eden Logic 5.32 and earlier Description: A cross-site scripting issue exists in Vivaldi United Group iCONTROL+ Server. This allows attackers to inject JavaScript payloads into the error o...
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
CVE-2025-52358
A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. This issue allows attackers to inject JavaScript payloads within the error or edit-menu-item parameters which are then executed in the victim's brows...
CVE-2025-52358
CVE-2025-52358 affects Vivaldi United Group iCONTROL+ Server (firmware 4.7.8.0.eden Logic 5.32 and earlier). The vulnerability is a cross-site scripting issue where attackers can inject JavaScript payloads into error or edit-menu-item parameters, which are executed in the victim’s browser session...
Exploit for Cross-site Scripting in Atmail
AWAE/OSWE Preparation for coming AWAE Training. Work in progress... Atmail Mail Server Appliance: from XSS to RCE 6.4 CVE-2012-2593 - https://www.exploit-db.com/exploits/20009 - https://github.com/sourceincite/poc/blob/master/SRC-2016-0012.py ATutor Authentication Bypass and RCE 2.2.1 CVE-2016-25...
CVE-2025-51411
CVE-2025-51411 affects Institute-of-Current-Students v1.0, with a reflected XSS vulnerability in the /postquerypublic endpoint via the email parameter. The root cause is insufficient sanitization of user input, allowing an attacker-controlled string to be reflected in HTML and execute arbitrary J...
CVE-2025-51411
A reflected cross-site scripting XSS vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to injec...
CVE-2025-51411
A reflected cross-site scripting XSS vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to injec...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting XSS attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-47061
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46996
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46996 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46996 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Operator Surname
Exploit Title: LiveHelperChat 4.61 - Stored Cross Site Scripting XSS via Operator Surname Date: 09/06/2025 Exploit Author: Manojkumar J TheWhiteEvil Linkedin: https://www.linkedin.com/in/manojkumar-j-7ba35b202/ Vendor Homepage: https://github.com/LiveHelperChat/livehelperchat/ Software Link:...
Exploit for Cross-site Scripting in Campcodes Online_Movie_Theater_Seat_Reservation_System
XSS Exploit for CVE-2025-7840 Author: Byte Reaper @ByteR...
CVE-2025-52687
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service DoS...
Cross-site Scripting (XSS)
org.opennms:opennms is vulnerable to Cross-site Scripting XSS. The vulnerability is due to stored XSS caused by unsanitized parameters on multiple nodes, allowing attackers to inject malicious HTML or JavaScript into database entries that are rendered on user-facing pages...
CVE-2025-52687
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service DoS...
CVE-2025-52687
The CVE-2025-52687 issue applies to Alcatel-Lucent OmniAccess Stellar products (Web Management Interface). Affected component: web management payload handling. Root cause described in sources as ability for an attacker with administrator credentials on the access point to inject malicious JavaScr...
CVE-2025-52687 JavaScript Injection Vulnerability in the OmniAccess Stellar Web Management Interface
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffics, potentially leading to session hijacking and denial-of-service DoS...