655 matches found
CVE-2013-5703
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js...
CVE-2005-2594
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body...
CVE-2008-5914
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing...
CVE-2009-5097
Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, which allows remote attackers to execute arbitrary JavaScript, as demonstrated by reading PalmDatabase.db3...
CVE-2002-2314
Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail...
CVE-1999-0031
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability...
WordPress plugin Js O3 Lite cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2025-4918
CVE-2025-4918 describes an out-of-bounds read/write on a JavaScript Promise object affecting Firefox and Thunderbird. Affected: Firefox < 138.0.4, Firefox ESR < 128.10.1, Firefox ESR < 115.23.1; Thunderbird < 128.10.2, Thunderbird
CVE-2025-4918
An attacker was able to perform an out-of-bounds read or write on a JavaScript Promise object. This vulnerability was fixed in Firefox 138.0.4, Firefox ESR 128.10.1, Firefox ESR 115.23.1, Thunderbird 128.10.2, and Thunderbird 138.0.2...
CVE-2025-4920
CVE-2025-4920 is rejected per the initial description; this entry is not an active vulnerability.
CVE-2024-8673
The Z-Downloads WordPress plugin before 1.11.7 does not properly validate uploaded files allowing for the uploading of SVGs containing malicious JavaScript...
CVE-2025-40632 Cross-site scripting (XSS) vulnerability in IceWarp Mail Server
Cross-site scripting (XSS) in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the “lastLogin” cookie with malicious JavaScript code that will be executed when the page is rendered...
CVE-2025-46571
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.6, low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open t...
CVE-2022-44760
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...
PT-2025-17853 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap (affected versions not specified). Description: The issue concerns an unsafe default file type filter policy in HCL Leap, which allows the execution of unsafe JavaScript in deployed applications. Recommendations: At the moment, there is...
CVE-2025-3760
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...
CVE-2022-43850
IBM Aspera Console 3.4.0–3.4.4 is vulnerable to cross-site scripting in the Web UI, allowing embedding of arbitrary JavaScript and potentially credentials disclosure within a trusted session. Root cause details are not exhaustively described in the provided documents, but the vulnerability is cle...
CVE-2025-32014
estree-util-value-to-estree converts a JavaScript value to an ESTree expression. When generating an ESTree from a value with a property named `__proto__`, valueToEstree would generate an object that specifies a prototype instead. This vulnerability is fixed in 3.3.3...
CVE-2025-32379
A flaw was found in Koa. This vulnerability allows execution of arbitrary JavaScript code via crafted user input passed to the ctx.redirect function, even after input sanitization. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red...
Exploit for Unverified Password Change in Fortinet Fortiswitch
CVE-2024-48887-FortiSwitch-Exploit 🚨 FortiSwitch CVE-2024-4888...