CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

Best Practical RT 跨站脚本漏洞

Best Practical RT is a request tracker from Best Practical, Inc. A cross-site scripting vulnerability exists in Best Practical RT versions 5.0 through 5.0.7, which stems from the injection of JavaScript into an asset name and could lead to cross-site scripting...

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVE-2025-31500

CVE-2025-31500 affects Best Practical RT (Request Tracker) 5.0–5.0.7, enabling cross-site scripting via JavaScript injection in an Asset name. The connected documents confirm the vulnerability and reference the RT 5.0.8 release, suggesting upgrading to 5.0.8 as remediation. No explicit exploit de...

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

CVE-2025-31500

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name...

EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072

This module addresses the General Data Protection Regulation GDPR and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...

CVE-2025-31501

Best Practical RT Request Tracker 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink...

CVE-2025-31501

Best Practical RT (Request Tracker) 5.0–5.0.7 is affected by an XSS vulnerability via JavaScript injection in an RT permalink. The issue is documented across multiple feeds as CVE-2025-31501 with exposure to remote users, and the impact described is cross-site scripting with low confidentiality/i...

CVE-2024-45094

IBM DS8900F and DS8A00 Hardware Management Console HMC is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2024-5962

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leadi...

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860 OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

CVE-2025-43860

OpenEMR (before version 7.0.3.4) is affected by a stored XSS in the Additional Addresses section of Patient Demographics. An authenticated user with patient creation/editing privileges can inject JavaScript via (1) Text Box fields (Address, Address Line 2, Postal Code, City) and (2) Drop Down opt...