CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

Alkacon OpenCMS 安全漏洞

Alkacon OpenCMS is a content management system from Alkacon Inc. A security vulnerability exists in Alkacon OpenCMS version 17.0, which stems from cross-site scripting in the title subfield of the image field in the Create/Modify article function, which could lead to the injection of a javascript...

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, TL-WR841N, allows a hacker to inject any JavaScript code.

The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, the TL-WR841N, is related to a deficiency in the upnpTbl filter parameter when accessing the UPnP.html web page. Exploiting this vulnerability allows an attacker to inject arbitrary JavaScript code by...

SAP NetWeaver Application Server ABAP Cross-Site Scripting Vulnerability

SAP NetWeaver Application Server ABAP is an application server from SAP in Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP, which arises from insufficiently encoded input, allowing an attacker to inject malicious JavaScript.No details of the...

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

GHSA-QHP6-VP7C-G7XP Liferay Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

Liferay Cross-site Scripting vulnerability

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

A stored cross-site scripting XSS vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVE-2025-3760

CVE-2025-3760 is a stored XSS vulnerability in Liferay Portal (radio button type custom fields) affecting Portal 7.2.0–7.4.3.129 and Liferay DXP 2024.Q1–Q4, 2023 Q3–Q4, and related GA/update branches. The underlying issue is injection of malicious JavaScript into a page by remote authenticated at...

CVE-2025-1983

A cross-site scripting XSS vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

CVE-2025-1983 Stored Cross-Site Scripting in Ready_

A cross-site scripting XSS vulnerability in Ready's File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file...

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

CVE-2025-24297

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

CVE-2025-24297 Growatt Cloud portal Cross-site Scripting

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

CVE-2025-24297 Growatt Cloud portal Cross-site Scripting

Due to lack of server-side input validation, attackers can inject malicious JavaScript code into users personal spaces of the web portal...

CVE-2025-24297

CVE-2025-24297 affects Growatt Cloud Portal (Growatt Cloud Applications). Root cause: lack of server-side input validation leading to cross-site scripting. Vulnerable component/function: plant name handling during add/edit operations (stored XSS). Impact: attackers can inject JavaScript into user...

PT-2025-16496

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The issue is due to a lack of server-side input validation, allowing attackers to inject malicious JavaScript code into users' personal spaces of the web portal. Recommendations At the moment,...

CVE-2023-33844

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...