CVE-2025-1888 Reflected Cross Site Scripting in Aperio Eslide Manager

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting XSS. An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a...

CVE-2025-1888 Reflected Cross Site Scripting in Aperio Eslide Manager

The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting XSS. An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a...

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

CVE-2025-25625

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on t...

CVE-2025-27914

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting XSS vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

CVE-2025-27914

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting XSS vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

CVE-2025-27914

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting XSS vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

CVE-2025-0062

SAP BusinessObjects BI Platform Web Intelligence is affected by CVE-2025-0062: a cross-site scripting vulnerability allowing an attacker to inject JavaScript in Web Intelligence reports. The issue arises when script/html execution is enabled by the Central Management Console administrator. Exploi...

Linux Distros Unpatched Vulnerability : CVE-2023-23942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml...

Linux Distros Unpatched Vulnerability : CVE-2023-37360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be...

CVE-2025-26202

Cross-Site Scripting XSS vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings 2.4GHz & 5GHz bands in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

CVE-2025-26202

Cross-Site Scripting XSS vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings 2.4GHz & 5GHz bands in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

CVE-2025-26202

CVE-2025-26202 describes a Cross-Site Scripting (XSS) vulnerability in the WPA/WAPI Passphrase field of the Wireless Security settings on the DZS Router Web Interface (2.4 GHz & 5 GHz). An authenticated attacker can inject malicious JavaScript into the passphrase, which is stored and later execut...

CVE-2024-54179 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

CVE-2024-55064

Multiple cross-site scripting XSS vulnerabilities in EasyVirt DC NetScope = 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the 1 smtpserver, 2 smtpaccount, 3 smtppassword, or 4 emailrecipients parameter to /smtp/update; the 5 ntp or 6 dns parameter to...

EasyVirt DC NetScope 跨站脚本漏洞

EasyVirt DC NetScope is an application from EasyVirt, Inc. provides network insight into the different network layers in the VMware infrastructure. A cross-site scripting vulnerability exists in EasyVirt DC NetScope 8.6.4 and prior versions that stems from multiple cross-site scripting...

CVE-2024-5848

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...