CVE-2024-57329

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads...

CVE-2024-57329

HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads...

CVE-2024-57329

HortusFox v3.9 is affected by a stored XSS in the Add Plant function. The name field does not sanitize/escape input, enabling injection and execution of arbitrary JavaScript payloads. Several connected sources confirm the vulnerability as a stored XSS (CVE-2024-57329) and note a temporary workaro...

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

PT-2025-2901 · Ibm · Ibm Robotic Process Automation For Cloud Pak

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.19 IBM Robotic Process Automation for Cloud Pak versions 23.0.0 through 23.0.19 Description: This issue allows an authenticated user to embed arbitrary JavaScript cod...

CVE-2024-48392

OrangeScrum v2.0.11 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript code into user email due to lack of input validation, which could lead to account takeover...

CVE-2024-41746

CVE-2024-41746 affects IBM CICS TX Advanced 10.1 and 11.1, and IBM CICS TX Standard 11.1. The Red Hat/IBM and CVE records consistently describe a stored cross-site scripting flaw in the Web UI that enables embedding of arbitrary JavaScript, potentially altering functionality and leading to creden...

Microweber 2.0.9 Cross Site Scripting Vulnerability

Microweber versions 2.0.9 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2024-33298 Stored Cross Site Scripting vulnerability in Microweber .jpg on /media/default/ 6. Go back to the endpoint /admin/module/view?type=adminbackup and click on "Upload file" 7...

CVE-2025-22142

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...

CVE-2025-22142 Cross-site Scripting in NamelessMC

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff...

NamelessMC 安全漏洞

NamelessMC is a free, easy to use and powerful website software from the NamelessMC team. For your Minecraft server, which contains tons of features. A security vulnerability previously existed in NamelessMC version 2.1.3, which stemmed from the ability for administrators to add functionality tha...

Reflected Cross-Site Scripting (Reflected XSS)

tltneon/lgsl is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to improper sanitization of the Referer HTTP header, allowing an attacker to inject arbitrary JavaScript code into the application's HTML response...

PHP-Textile has persistent XSS vulnerability in image link handling

Details Persistent XSS vulnerability in image link handling of PHP-Textile versions 4.1.2 and older, when running the parser in restricted mode. In restricted mode it is expected that the input would be sanitized, allowing user-input such as user comments to be parsed and handled safely by the...

Optimizely EPiServer.CMS.Core 安全漏洞

Optimizely EPiServer.CMS.Core is a content management system core from Optimizely. A security vulnerability exists in Optimizely EPiServer.CMS.Core versions prior to 12.22.0. An attacker can exploit this vulnerability to inject and execute arbitrary JavaScript code...

WordPress plugin wp-publications cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin wp-publications has a cross-site scripting vulnerability, the vulnerability stems from...

Informatica: XSS1

The XSS vulnerability was discovered in the search functionality of the Informatica website. The vulnerability allowed an attacker to inject arbitrary JavaScript code into the search results, which could be executed by the user's browser...

PT-2025-19378 · Unknown +1 · Request-Tracker5 +1

Name of the Vulnerable Software and Affected Versions: request-tracker5 versions affected versions not specified Description: The issue concerns a Cross Site Scripting vulnerability via JavaScript injection in an RT permalink. Recommendations: At the moment, there is no information about a newer...

PT-2025-19379 · Debian +1 · Debian +1

Name of the Vulnerable Software and Affected Versions: Debian Linux affected versions not specified Description: The issue concerns a Cross Site Scripting vulnerability via JavaScript injection in an Asset name. Additionally, there are package vulnerabilities in request-tracker5. Recommendations:...

Cross-Site Scripting (XSS)

NagVis is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of input fields before rendering, and attackers can exploit this to inject and execute arbitrary JavaScript code in the context of the victim’s browser...