5006 matches found
CVE-2025-27447
The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’s browser when an authenticated administrator clicks the link...
CVE-2025-27447
CVE-2025-27447 involves a cross-site scripting vulnerability in Endress+Hauser MEAC300-FNADE4. The weakness arises from insufficient filtering/escaping of user-supplied data, enabling an attacker to craft a URL that injects JavaScript executed in an authenticated administrator’s browser when the ...
PT-2025-27776
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the victim’...
PT-2025-27777 · Endress+Hauser · Endress+Hauser Meac300-Fnade4
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when t...
CVE-2025-2141
CVE-2025-2141 affects IBM System Storage Virtualization Engine TS7700 (models 3957-VED, 3948-VED, 3948-VEF) with firmware 8.54.2.17/8.60.0.115. The issue is a cross-site scripting vulnerability in the management Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially l...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the ScriptEvaluator process. An attacker can execute arbitrary operating system commands by injecting malicious JavaScript code. Remediation: Upgrade org.conductoross:java-sdk to version 3.21.13 or higher...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2024-52900
CVE-2024-52900 affects IBM Cognos Analytics 11.2.0–11.2.4 IF5 and 12.0.0–12.0.4, with a stored cross-site scripting vulnerability in the Web UI allowing authenticated users to embed arbitrary JavaScript and potentially disclose credentials. The issue arises in the web interface’s handling of inpu...
IBM Cognos Analytics Cross-Site Scripting Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines (IBM). The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A cross-site...
PT-2025-27236 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0 Description: A stored blind XSS issue exists in the Contact Page, specifically affecting the "name" field in the mcgs/contact.php file. This field fails to properly sanitize user input,...
CVE-2024-56915
A cross-site scripting (XSS) flaw has been discovered in netbox-community. An attacker who is able to populate the RSS feed may be able to inject JavaScript, which will be executed in the context of another user. Mitigation: Mitigation for this issue is either not available or the currently availabl...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Add is vulnerable to cross-site scripting (XSS) due to the current value field rendering user-supplied HTML. An authenticated attacker can leverage this to add malicious JavaScript to any banner field. Once a victim edits a...
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS) Google Dork: inurl:"/admin/pages/add" "Anchor CMS" Date: 2025-06-08 Exploit Author: /bin/neko Vendor Homepage: http://anchorcms.com Software Link: https://github.com/anchorcms/anchor-cms Version: 0.12.7 Tested on: Ubuntu 22.04 +...
Exploit for CVE-2025-46181
CVE-2025-46181 - Reflected XSS in an Online Appointment Bookin...
CVE-2025-47092
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47056
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47042
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...