CVE-2025-11183

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-60374

This CVE describes a Stored XSS in Perfex CRM’s chatbot feature prior to v3.3.1. The vulnerability allows injected HTML/JavaScript to execute in users’ browsers when viewing chat messages, enabling client-side code execution and potential session token theft. Affected product: Perfex CRM (chatbot...

CVE-2025-60374

Stored Cross-Site Scripting XSS in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

GHSA-GXP8-M5RQ-3M38 QGIS QWC2 Cross-Site Scripting vulnerability

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-11184

Cross-site scripting vulnerability in QGIS QWC2 Registration GUI =v2025.03.31 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2

Cross-Site Scripting vulnerability in attribute table in QGIS QWC2 2025.08.14 allows an authorized attacker to plant arbitrary JavaScript code in the page...

QGIS QWC2 Registration GUI 安全漏洞

The QGIS QWC2 Registration GUI is an optional application of the Web Front End Client Framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 Registration GUI v2025.03.31 and earlier versions, which originates from an authorized attacker who can plant arbitrary JavaScri...

QGIS QWC2 安全漏洞

QGIS QWC2 is a web front-end client framework from the QGIS organization. A security vulnerability exists in QGIS QWC2 versions prior to 2025.08.14, which stems from a cross-site scripting vulnerability in the attribute table that could lead to an authorized attacker planting arbitrary JavaScript...

CVE-2025-56683

A cross-site scripting XSS vulnerability in the component /app/marketplace.html of Logseq v0.10.9 allows attackers to execute arbitrary code via injecting arbitrary Javascript into a crafted README.md file...

CVE-2025-60299

Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting XSS vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter when replying to a book comment. The payload is stored in the database a...

CVE-2025-61788

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

EUVD-2025-33290

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

EUVD-2025-33169

Configuroweb Sistema Web de Inventario 1.0 is vulnerable to a Stored Cross-Site Scripting XSS due to the lack of input sanitization on the product name parameter Nombre:Producto allowing an authenticated attacker to inject malicious payloads and execute arbitrary JavaScript...

CVE-2025-61998

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the...

CVE-2025-61997

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...

CVE-2025-61998

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in the context of other users when they click the malicious link. Successful exploitation allows the...

CVE-2025-61997

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the...

CVE-2025-61996

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...

CVE-2025-61996

OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other users when they generate an Annual Report. Successful exploitation allows the administrative user to perfo...