CVE-2024-31199

A “CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'” allows malicious users to permanently inject arbitrary Javascript code...

CVE-2024-53843

@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting XSS vulnerability was discovered in the authentication flow of the application. This issue arises due to...

IBM Security Verify Access 跨站脚本漏洞

IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...

CVE-2024-57237

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting XSS in the /reqproc/procget endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the...

CVE-2024-53943

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...

USN-7250-1 netdata vulnerabilities

It was discovered that Netdata incorrectly handled parsing JSON input, which could lead to a JSON injection. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. CVE-2018-18836 It was discovered that Netdata incorrectly handled parsing HT...

CVE-2024-53943

An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute JavaScript within the context of the current user by injecting JavaScript into the SSID...

CVE-2024-57237

Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to Cross Site Scripting XSS in the /reqproc/procget endpoint. The vulnerability arises because the cmd parameter does not properly sanitize input and the response is served with a Content-Type of text/html. This behavior allows the...

CVE-2024-47116

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2024-49807

IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

IBM Financial Transaction Manager 跨站脚本漏洞

IBM Financial Transaction Manager is a financial transaction manager from International Business Machines IBM. The product is primarily used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in IBM Financial Transaction Manager that...

TeamCal Neo 跨站脚本漏洞

TeamCal Neo is a calendar-based web application from the individual developer George Lewe. A cross-site scripting vulnerability exists in TeamCal Neo version 3.8.2. An attacker can exploit this vulnerability to execute malicious JavaScript code by injecting code via the abs parameter in...

CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...

CVE-2025-0747 Stored Cross-Site vulnerability in EmbedAI

A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject a malicious JavaScript code into a message that will be executed when a user opens the chat...

CVE-2025-0746

CVE-2025-0746 concerns EmbedAI (≤2.1). A reflected XSS flaw exists in the /embedai/users/show/ endpoint, enabling an authenticated attacker to craft a malicious URL that injects JavaScript executed when the target user opens it. Affected products: EmbedAI versions 2.1 and earlier. The provided so...

CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...

CVE-2025-0746 Reflected Cross-Site Scripting vulnerability in EmbedAI

A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/" endpoint to inject the malicious JavaScript code. This JavaScript code will be executed when a...

EmbedAI 跨站脚本漏洞

EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. A cross-site scripting vulnerability exists in EmbedAI version 2.1 and prior versions. An attacker exploiting this vulnerability could inject malicious JavaScript code...

EmbedAI 跨站脚本漏洞

EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. EmbedAI suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could inject malicious JavaScript code into messages...

CVE-2024-37527

IBM OpenPages with Watson 8.3 and 9.0 are affected by a cross-site scripting vulnerability in the Web UI. An authenticated user can embed arbitrary JavaScript, potentially altering functionality and disclosing credentials in a trusted session. Affected products/versions: IBM OpenPages with Watson...