59092 matches found

Snyk
added 2025/12/26 6:30 a.m. | 7 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when handling URLs in links, where schemes such as javascript, vbscript and data can be used. An attacker can execute arbitrary scripts in the context of the user's browser by enticing a user to click on a craft...

CVSS 5.4 | AI score 5.4 | EPSS 0.00222
Exploits: 0 | References: 2

OSV
added 2025/12/26 5:16 a.m. | 4 views

CVE-2025-68946

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...

CVSS 5.4 | AI score 6.8
Exploits: 0 | References: 3

Cvelist
added 2025/12/26 4:14 a.m. | 19 views

CVE-2025-68946

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...

CVSS 5.4 | EPSS 0.00222
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/26 4:14 a.m. | 2 views

CVE-2025-68946

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...

CVSS 5.4 | AI score 6.5 | EPSS 0.00222
Exploits: 0 | References: 3

CVE
added 2025/12/26 4:14 a.m. | 17 views

CVE-2025-68946

CVE-2025-68946 affects Gitea releases before 1.20.1, where a link can specify a forbidden URL scheme (e.g., javascript:) enabling XSS. The issue is fixed by upgrading to Gitea 1.20.1 or later (patch/markup module remediation noted in the linked advisories/releases). Practical impact is Cross‑Site...

CVSS 5.4 | AI score 6.5 | EPSS 0.00222
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/12/26 4:14 a.m. | 3 views

EUVD-2025-205421

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...

CVSS 5.4 | AI score 6.3 | EPSS 0.00222
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/26 12:00 a.m. | 6 views

PT-2025-53606

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.0.0. Description: n8n is a workflow automation platform. In self-hosted instances before version 2.0.0, when the Code node operates in legacy JavaScript execution mode, authenticated users with workflow editing permission...

CVSS 7.1 | AI score 6.8 | EPSS 0.00242
Exploits: 0 | References: 6

CNNVD
added 2025/12/26 12:00 a.m. | 4 views

n8n Cross-Site Scripting Vulnerability

n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in versions prior to n8n 1.114.0 that stems from the Respond to Webhook node not being properly sandboxed when processing HTML content, which could lead to an attacker with workflow creati...

CVSS 7.3 | AI score 5.8 | EPSS 0.00217
Exploits: 0 | References: 2

Packet Storm News
added 2025/12/26 12:00 a.m. | 4 views

Beyond Single Bugs: Benchmarking Large Language Models for Multi-Vulnerability Detection

Large Language Models (LLMs) have demonstrated significant potential in automated software security, particularly in vulnerability detection. However, existing benchmarks primarily focus on isolated, single-vulnerability samples or function-level classification, failing to reflect the complexity of...

AI score 7
Exploits: 0

UbuntuCve
added 2025/12/26 12:00 a.m. | 2 views

CVE-2025-68946

In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...

CVSS 5.4 | AI score 7.1 | EPSS 0.00222
Exploits: 0 | References: 4

GithubExploit
added 2025/12/25 7:29 p.m. | 148 views

XSSREFLECTOR

XSS Reflector: XSS Reflector is an automated tool for...

AI score 5.8
Exploits: 0

CNVD
added 2025/12/25 12:00 a.m. | 2 views

ChurchCRM Cross-Site Scripting Vulnerability (CNVD-2026-0536090)

ChurchCRM is an open source church management system. ChurchCRM suffers from a cross-site scripting vulnerability that originates from a low-privileged user being able to inject persistent JavaScript into group role names, which can be exploited by an attacker to cause an account takeover...

CVSS 9.3 | AI score 5.8 | EPSS 0.00165
Exploits: 2 | References: 1

NVD
added 2025/12/24 8:15 p.m. | 4 views

CVE-2019-25235

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...

CVSS 9.8 | EPSS 0.00432
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/24 7:36 p.m. | 5 views

CVE-2021-47738

CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...

CVSS 5.4 | AI score 6.3 | EPSS 0.00249
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/24 7:36 p.m. | 6 views

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVSS 6.1 | AI score 6 | EPSS 0.00235
Exploits: 1 | References: 1

Cvelist
added 2025/12/24 7:27 p.m. | 28 views

CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...

CVSS 9.8 | EPSS 0.00432
Exploits: 1 | References: 3

CVE
added 2025/12/24 7:27 p.m. | 13 views

CVE-2019-25235

The CVE-2019-25235 entry concerns Smartwares HOME easy 1.0.9, where an authentication bypass vulnerability allows unauthenticated attackers to access administrative web pages by disabling JavaScript. This enables navigation to multiple administrative endpoints and bypass of client-side validation...

CVSS 9.8 | AI score 7.2 | EPSS 0.00432
Exploits: 1 | References: 3

Vulnrichment
added 2025/12/24 7:27 p.m. | 2 views

CVE-2019-25235 Smartwares HOME easy 1.0.9 Client-Side Authentication Bypass via Web Pages

Smartwares HOME easy 1.0.9 contains an authentication bypass vulnerability that allows unauthenticated attackers to access administrative web pages by disabling JavaScript. Attackers can navigate to multiple administrative endpoints and to bypass client-side validation and access sensitive system...

CVSS 9.8 | AI score 7.2 | EPSS 0.00432
Exploits: 1 | References: 3

Cvelist
added 2025/12/24 7:27 p.m. | 28 views

CVE-2018-25131 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload

Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed...

CVSS 7.2 | EPSS 0.00238
Exploits: 1 | References: 3

CVE
added 2025/12/24 7:27 p.m. | 10 views

CVE-2018-25131

CVE-2018-25131 concerns Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063. The vulnerability is a stored cross-site scripting (XSS) flaw in the configuration file upload functionality, allowing an uploaded HTML file to execute arbitrary JavaScript in a user’s browser session when viewed. Affecte...

CVSS 7.2 | AI score 5.7 | EPSS 0.00238
Exploits: 1 | References: 3