5053 matches found
CVE-2025-45015
A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters...
CVE-2025-3929
An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...
CVE-2025-45015
PHPGurukul Park Ticketing Management System v2.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the foreigner-bwdates-reports-details.php file. The issue allows remote attackers to inject arbitrary JavaScript code through the fromdate and todate parameters, potentially compromising ...
PT-2025-18274 · Unknown · PHPGurukul Park Ticketing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0 Description: A Cross-Site Scripting (XSS) issue was discovered in the foreigner-bwdates-reports-details.php file. This issue allows remote attackers to inject arbitrary JavaScript code via...
PT-2025-30685 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: Adobe Experience Manager versions 6.5.22 and earlier are susceptible to a stored Cross-Site Scripting (XSS) issue. A low-privileged attacker can exploit this to inject malicious...
CVE-2025-46346 YesWiki Vulnerable to Stored XSS in Comments
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...
CVE-2025-46346
YesWiki (PHP) prior to version 4.5.4 is affected by a stored XSS vulnerability in the comments feature. The issue arises because user input is not fully sanitized/encoded, allowing obfuscated payloads such as /* JavaScriptPayload */ to bypass filters and execute in the browser of users viewing af...
Security Bulletin: IBM Engineering Lifecycle Management is vulnerable to Javascript Injection. (CVE-2021-29669)
Summary Summary guidance: IBM Engineering Lifecycle Management - IBM Jazz is vulnerable to Javascript Injection. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-29669 DESCRIPTION: IBM Jazz Foundation is vulnerable to...
PT-2025-18170 · IBM · IBM Operational Decision Manager
Name of the Vulnerable Software and Affected Versions: IBM Operational Decision Manager versions 8.11.0.1 through 9.0.0.1 Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
Cross-site Scripting (XSS)
Laravel Starter is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization that allows users to inject malicious JavaScript code into the tag name field...
CVE-2025-26159
Laravel Starter 11.11.0 is vulnerable to Cross-Site Scripting (XSS) in the tags feature. Any user with the ability to create or modify tags can inject malicious JavaScript code in the name field...
CVE-2025-3760
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...
Cross-site Scripting (XSS)
Liferay Portal is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper handling of radio button type custom fields, allowing remote authenticated attackers to inject malicious JavaScript into a page...
CVE-2025-2703
A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the...
GHSA-FPX3-H2PC-88VF Laravel Starter Cross Site Scripting (XSS)
Laravel Starter 11.11.0 is vulnerable to Cross-Site Scripting (XSS) in the tags feature. Any user with the ability to create or modify tags can inject malicious JavaScript code in the name field...