OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Project Setup function, which could lead to cross-site scripting attacks...

OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker who can modify client-side JavaScript or construct HTTP requests that could result in access to disabled functionality...

PT-2026-2175

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment within the Estimated Staff Hours field. This JavaScript is then executed when another user accesses...

Elliptic 安全漏洞

Elliptic is a fast elliptic curve cryptographic library in javascript by the individual developer Fedor Indutny. A security vulnerability exists in Elliptic 6.6.1 and earlier versions, which stems from a miscalculation of the k-value in the ECDSA implementation and could lead to key disclosure...

CVE-2025-61550

CVE-2025-61550 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The stored XSS occurs in ctl00_Content01_fieldValue parameters via /psp/appNet/TemplateOrder/TemplatePreview.aspx, where user input is stored and later rendered in HTML without proper output encoding or sanitization. This...

PT-2026-2172

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.1.0 Description An authenticated attacker can modify client-side JavaScript or craft HTTP requests to access functions or buttons that have been disabled or blocked by an administrator. The issue...

PT-2026-3409

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

Linux Distros Unpatched Vulnerability : CVE-2026-22028

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A...

Amazon Linux 2023 : firefox (ALAS2023-2025-1337)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1337 advisory. Use-after-free in the WebRTC: Signaling component. This vulnerability affects Firefox 146 and Firefox ESR 140.6. CVE-2025-14321 Sandbox escape due to incorrect boundary conditions in the...

Amazon Linux 2023 : rhino, rhino-engine, rhino-javadoc (ALAS2023-2025-1339)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1339 advisory. Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker controlled float poing number into the...

CVE-2019-25277

FaceSentry Access Control System 6.4.8 is affected by a cross-site scripting vulnerability in the msg parameter of pluginInstall.php due to unvalidated input. The issue allows injection of arbitrary JavaScript in victim browsers, with potential credential theft and phishing. Affected component: F...

CVE-2026-21855

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious...

CVE-2025-66686

A stored Cross-Site Scripting XSS vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. The injected payload is stored and executed when any...

CVE-2025-15479

Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...

CVE-2025-15479

Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...

CVE-2022-27105

InMailX Outlook Plugin 3.22.0101 is vulnerable to Cross Site Scripting XSS. InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users...

CVE-2022-27166

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim...

CVE-2022-27238

BigBlueButton version 2.4.7 or earlier is vulnerable to stored Cross-Site Scripting XSS in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to t...

CVE-1999-0809

Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed"...

CVE-1999-0347

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character...