5006 matches found
CVE-2024-41504
CVE-2024-41504 affects Jetimob Plataforma Imobiliaria version 20240627-0. The Red Hat, NVD, and related records describe a Cross Site Scripting (XSS) vulnerability in the Descrição field of the Oportunidades section, when creating or editing an Atividade, allowing JavaScript injection. The availab...
PT-2025-24584 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver (affected versions not specified). Description: The issue is related to a Cross-Site Scripting vulnerability. An unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When a...
CVE-2024-41504
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application, when creating or editing an "Atividade" (activity), the form field "Descrição" allows injection of JavaScript...
CVE-2025-46041
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add)...
CVE-2025-46178
A Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim's browser session by sending a crafted URL, leading to session hijacking or defacement...
CVE-2025-46178
The CVE-2025-46178 entry pertains to a Cross-Site Scripting (XSS) vulnerability in the CloudClassroom PHP Project, specifically in the askquery.php file via the eid parameter. The flaw allows remote attackers to inject arbitrary JavaScript in the context of a victim browser session, potentially l...
CVE-2025-46041
Anchor CMS v0.12.7 is affected by CVE-2025-46041: a stored XSS in the page creation interface, exploitable via the description field on /admin/pages/add. An authenticated user (admin/editor) can inject arbitrary JavaScript which is stored and executed when the page is viewed. Affected component/l...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-27444
A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...
CVE-2025-27754 Extension - rsjoomla.com - A stored XSS vulnerability RSBlog! component 1.11.6 - 1.14.4 for Joomla
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-30084
CVE-2025-30084 affects the RSMail! component for Joomla (versions 1.19.20–1.22.26). The stored XSS flaw occurs in the dashboard where user-supplied input is not properly sanitized before storage and rendering, enabling an attacker to inject JavaScript into text fields that executes in the browser...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the API key renaming feature, which allowed authenticated users to inject JavaScript that would execute when another user accessed the API tab...
PT-2025-23926 · Joomla · Rsmail!
Name of the Vulnerable Software and Affected Versions: RSMail! component versions 1.19.20 through 1.22.26 for Joomla. Description: A stored XSS issue was discovered in the RSMail! component for Joomla, where user-supplied input is not properly sanitized before being stored and rendered within the...
PT-2025-23925 · Rsblog! · Rsblog!
Name of the Vulnerable Software and Affected Versions: RSBlog! component versions 1.11.6 through 1.14.4. Description: A stored XSS issue allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when...