5086 matches found
CVE-2025-2141
CVE-2025-2141 affects IBM System Storage Virtualization Engine TS7700 (models 3957-VED, 3948-VED, 3948-VEF) with firmware 8.54.2.17/8.60.0.115. The issue is a cross-site scripting vulnerability in the management Web UI that allows an authenticated user to embed arbitrary JavaScript, potentially l...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the ScriptEvaluator process. An attacker can execute arbitrary operating system commands by injecting malicious JavaScript code. Remediation Upgrade org.conductoross:java-sdk to version 3.21.13 or higher...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2024-52900
CVE-2024-52900 affects IBM Cognos Analytics 11.2.0–11.2.4 IF5 and 12.0.0–12.0.4, with a stored cross-site scripting vulnerability in the Web UI allowing authenticated users to embed arbitrary JavaScript and potentially disclose credentials. The issue arises in the web interface’s handling of inpu...
IBM Cognos Analytics 跨站脚本漏洞
IBM Cognos Analytics is a suite of business intelligence software from International Business Machines IBM. The software includes reports, dashboards, and scorecards, and can assist organizations in adjusting their decisions by analyzing such things as key factors and key people. A cross-site...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
PT-2025-27236 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0 Description: A stored blind XSS issue exists in the Contact Page, specifically affecting the "name" field in the mcgs/contact.php file. This field fails to properly sanitize user input,...
CVE-2024-56915
A cross-site scripting XSS flaw has been discovered in netbox-community. An attacker who is able to populate the RSS feed may be able to inject javascript, which will be executed in the context of another user. Mitigation Mitigation for this issue is either not available or the currently availabl...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)
Exploit Title: Anchor CMS 0.12.7 - Stored Cross Site Scripting XSS Google Dork: inurl:"/admin/pages/add" "Anchor CMS" Date: 2025-06-08 Exploit Author: /bin/neko Vendor Homepage: http://anchorcms.com Software Link: https://github.com/anchorcms/anchor-cms Version: 0.12.7 Tested on: Ubuntu 22.04 +...
Exploit for CVE-2025-46181
CVE-2025-46181 - Reflected XSS in an Online Appointment Bookin...
CVE-2025-47092
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47056
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47073
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47042
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47035
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47093
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46884
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...