CVE-2024-5848

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

CVE-2024-5848

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

Cross-Site Scripting (XSS)

leantime/leantime is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input sanitization and output encoding of the title field in a To-Do, allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...

CVE-2024-5848

CVE-2024-5848 is a reflected XSS in multiple WSO2 products caused by improper input validation. Attackers can inject malicious JavaScript via unsanitized user data echoed in server responses, potentially enabling UI manipulation, redirection to malicious sites, or browser data exfiltration. Docum...

CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation

A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

PT-2025-8703 · Ibm · Ibm Cloud Pak For Data

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Data versions 4.0.0 through 4.8.5 IBM Cloud Pak for Data version 5.0.0 Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and...

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

FlatPress 安全漏洞

FlatPress is a Php-based blog builder without database support from the FlatPress community. A security vulnerability exists in FlatPress version 1.3.1, which stems from an improperly cleaned and escaped TextArea field input in the Add Entry feature. An authenticated attacker can inject malicious...

CVE-2025-25460

A stored Cross-Site Scripting XSS vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to...

PT-2025-28156

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions prior to 1.9.24 Description: The issue allows an unauthenticated attacker to inject malicious JavaScript into the "v1/runs/ingest" endpoint by adding an empty citations field. This triggers a code path where...

CVE-2024-53974 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

IBM Cognos Controller 跨站脚本漏洞

IBM Cognos Controller is a suite of business intelligence and planning solutions from International Business Machines IBM. The product features process automation, financial audit control, and the creation and management of financial reports. IBM Cognos Controller suffers from a cross-site...

CVE-2024-56882

Sage DPW before 202412000 is vulnerable to Cross Site Scripting XSS. Low-privileged Sage users with employee role privileges can permanently store JavaScript code in the Kurstitel and Kurzinfo input fields. The injected payload is executed for each authenticated user who views and interacts with...

PT-2025-6784 · Unknown · Bestinformed Web

Name of the Vulnerable Software and Affected Versions: bestinformed Web affected versions not specified Description: The issue arises from improper sanitization of user input in the bestinformed Web application, leading to multiple unauthenticated stored cross-site scripting vulnerabilities. An...

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-04975)

IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

CVE-2025-1271

Reflected Cross-Site Scripting XSS in Anapi Group's h6web. This security flaw could allow an attacker to inject malicious JavaScript code into a URL. When a user accesses that URL, the injected code is executed in their browser, which can result in the theft of sensitive information, identity the...

CVE-2025-0178

The CVE-2025-0178 issue affects WatchGuard Fireware OS Web UI, where improper input validation allows manipulation of the HTTP Host header. The vulnerability could enable redirection to malicious sites, web cache poisoning, or injection of malicious JavaScript into responses. Affected range is Fi...

CVE-2024-35432

ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting XSS via an Audio File. An authenticated user can injection malicious JavaScript code to trigger a Cross Site Scripting...

CVE-2025-24413

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVE-2025-1271

CVE-2025-1271: Reflected XSS in Anapi Group's h6web. A malicious URL can trigger JavaScript in the user’s browser, potentially stealing data or allowing unauthorized actions. CVSSv3.1 base score 6.1 (Network, Low/Moderate impact; user interaction required; changed scope). Connected sources provid...