Alcatel-Lucent OmniAccess Stellar Products 安全漏洞

Alcatel-Lucent OmniAccess Stellar Products is a line of WiFi access points from Alcatel-Lucent, France. A security vulnerability exists in Alcatel-Lucent OmniAccess Stellar Products that stems from the possible injection of malicious JavaScript, leading to session hijacking and denial of service...

PT-2025-29695 · Unknown · Access Point

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: Successful exploitation of the issue could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading ...

Attackers Hide JavaScript in SVG Images to Lure Users to Malicious Sites

Beware! SVG images are now being used with obfuscated JavaScript for stealthy redirect attacks via spoofed emails. Get insights from Ontinue's latest research on detection and defence...

CVE-2025-52378

Cross-Site Scripting XSS vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICEALIAS parameter to the...

CVE-2025-52378

Summary: CVE-2025-52378 is a stored XSS vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and earlier. The flaw arises from insufficient sanitization of the DEVICE_ALIAS input used by the /web/um_device_set_aliasname endpoint, enabling an attacker to inject JavaScript that r...

CVE-2025-49543

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2025-53479

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki -...

CVE-2025-53487

The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...

CVE-2025-49534

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-49540

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2023-43039

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2023-43039 IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2023-43039 IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2025-7363

The TitleIcon extension for MediaWiki is vulnerable to stored XSS through the titleiconunicode parser function. User input passed to this function is wrapped in an HtmlArmor object without sanitization and rendered directly into the page header, allowing attackers to inject arbitrary JavaScript...

CVE-2025-53479

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki -...

CVE-2025-7363

The CVE-2025-7363 entry concerns the MediaWiki TitleIcon extension. Affected versions include 1.39.X before 1.39.13, 1.42.X before 1.42.7, and 1.43.X before 1.43.2. The root cause is un-sanitized input passed to the #titleicon_unicode parser function, wrapped in an HtmlArmor object and rendered i...

CVE-2025-53479 CheckUser: Reflected Cross-Site Scripting (XSS) in Special:CheckUser via unsanitized internationalized message

The CheckUser extension’s Special:CheckUser interface is vulnerable to reflected XSS via the rev-deleted-user message. This message is rendered without proper escaping, making it possible to inject JavaScript through the uselang=x-xss language override mechanism. This issue affects Mediawiki -...

CVE-2025-53479

The CVE-2025-53479 entry concerns the MediaWiki CheckUser extension. Affected: Special:CheckUser interface; vulnerable in the rev-deleted-user message where the content is rendered without proper escaping, enabling reflected XSS via the uselang=x-xss language override mechanism. Affected versions...

CVE-2025-2793 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.6, 6.2.0.0 through 6.2.0.4, IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6, and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus...

CVE-2025-53487

The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this by injecting JavaScript payloads via the uselang=x-xss language override, which causes crafted message ke...