
5092 matches found

Vulnrichment
added 2025/03/12 12:0 a.m. · 7 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token...

5.2 AI score · 0.00256 EPSS
Exploits 0 · References 2

NVD
added 2025/03/11 1:15 a.m. · 5 views

CVE-2025-0062

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS · 0.00254 EPSS
Exploits 0 · References 2

Vulnrichment
added 2025/03/11 12:31 a.m. · 4 views

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS · 7.1 AI score · 0.00254 EPSS
Exploits 0 · References 2

CVE
added 2025/03/11 12:31 a.m. · 50 views

CVE-2025-0062

SAP BusinessObjects BI Platform Web Intelligence is affected by CVE-2025-0062: a cross-site scripting vulnerability allowing an attacker to inject JavaScript in Web Intelligence reports. The issue arises when script/html execution is enabled by the Central Management Console administrator. Exploi...

4.7 CVSS · 7.1 AI score · 0.00254 EPSS
Exploits 0 · References 2

Cvelist
added 2025/03/11 12:31 a.m. · 7 views

CVE-2025-0062 Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence)

SAP BusinessObjects Business Intelligence Platform allows an attacker to inject JavaScript code in Web Intelligence reports. This code is then executed in the victim's browser each time the vulnerable page is visited by the victim. On successful exploitation, an attacker could cause limited impac...

4.7 CVSS · 0.00254 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/03/05 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-37360

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pacparserfindproxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL which may be...

6.1 CVSS · 6.2 AI score · 0.00332 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-23942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml...

6.1 CVSS · 6.1 AI score · 0.00657 EPSS
Exploits 0 · References 3

NVD
added 2025/03/04 7:15 p.m. · 6 views

CVE-2025-26202

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

4.3 CVSS · 0.00647 EPSS
Exploits 0 · References 1

CVE
added 2025/03/04 12:0 a.m. · 61 views

CVE-2025-26202

CVE-2025-26202 describes a Cross-Site Scripting (XSS) vulnerability in the WPA/WAPI Passphrase field of the Wireless Security settings on the DZS Router Web Interface (2.4 GHz & 5 GHz). An authenticated attacker can inject malicious JavaScript into the passphrase, which is stored and later execut...

4.3 CVSS · 5.4 AI score · 0.00647 EPSS
Exploits 0 · References 1

Cvelist
added 2025/03/04 12:0 a.m. · 15 views

CVE-2025-26202

Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...

0.00647 EPSS
Exploits 0 · References 1

Cvelist
added 2025/03/03 1:56 p.m. · 11 views

CVE-2024-54179 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the...

5.4 CVSS · 0.00259 EPSS
Exploits 0 · References 1

CNNVD
added 2025/03/03 12:0 a.m. · 2 views

EasyVirt DC NetScope cross-site scripting vulnerability

EasyVirt DC NetScope is an application from EasyVirt, Inc. that provides network insight into the different network layers in the VMware infrastructure. A cross-site scripting vulnerability exists in EasyVirt DC NetScope 8.6.4 and prior versions that stems from multiple cross-site scripting...

5.4 CVSS · 6.5 AI score · 0.00234 EPSS
Exploits 0 · References 3

Cvelist
added 2025/03/03 12:0 a.m. · 13 views

CVE-2024-55064

Multiple cross-site scripting (XSS) vulnerabilities in EasyVirt DC NetScope <= 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the (1) smtpserver, (2) smtpaccount, (3) smtppassword, or (4) emailrecipients parameter to /smtp/update; the (5) ntp or (6) dns parameter to...

0.00234 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/03/01 7:25 a.m. · 8 views

CVE-2024-5848

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

6.1 CVSS · 5.6 AI score · 0.00215 EPSS
Exploits 0 · References 1

NVD
added 2025/02/27 8:15 a.m. · 9 views

CVE-2024-5848

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

6.1 CVSS · 0.00215 EPSS
Exploits 0 · References 1

OSV
added 2025/02/27 8:15 a.m. · 4 views

CVE-2024-5848

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 1

Veracode
added 2025/02/27 7:27 a.m. · 5 views

Cross-Site Scripting (XSS)

leantime/leantime is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization and output encoding of the title field in a To-Do, which allows an attacker to inject and execute arbitrary JavaScript in a victim's browser...

6.7 AI score
Exploits 0

Vulnrichment
added 2025/02/27 7:8 a.m. · 4 views

CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to improper input validation. User-supplied data is directly included in server responses from vulnerable service endpoints without proper sanitization or encoding, allowing an attacker to inject malicious...

6.1 CVSS · 6 AI score · 0.00215 EPSS
Exploits 0 · References 1

CVE
added 2025/02/27 7:8 a.m. · 60 views

CVE-2024-5848

CVE-2024-5848 is a reflected XSS in multiple WSO2 products caused by improper input validation. Attackers can inject malicious JavaScript via unsanitized user data echoed in server responses, potentially enabling UI manipulation, redirection to malicious sites, or browser data exfiltration. Docum...

6.1 CVSS · 6 AI score · 0.00215 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/02/26 12:0 a.m. · 3 views

PT-2025-8703 · Ibm · Ibm Cloud Pak For Data

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Data versions 4.0.0 through 4.8.5; IBM Cloud Pak for Data version 5.0.0. Description: The issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and...

6.1 CVSS · 7.3 AI score · 0.00302 EPSS
Exploits 0 · References 5