59143 matches found
UBUNTU-CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...
Prototype Pollution
happy-dom is vulnerable to Prototype Pollution. The vulnerability is due to untrusted JavaScript running in the same isolate as the main application despite the --disallow-code-generation-from-strings flag, which allows an attacker to deploy prototype-pollution payloads to hijack critical...
CVE-2025-13873
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
EUVD-2025-200215
Stored Cross-Site Scripting XSS in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey...
CVE-2025-13873
ObjectPlanet Opinio 7.26 rev12562 is affected by a stored Cross-Site Scripting (XSS) in the survey-import feature. The vulnerability arises from the import path, allowing an attacker to inject JavaScript that executes in the browsing context of visitors accessing the compromised survey. No exploi...
CVE-2025-65944
Sentry-Javascript is an official Sentry SDKs for JavaScript. From version 10.11.0 to before 10.27.0, when a Node.js application using the Sentry SDK has sendDefaultPii: true it is possible to inadvertently send certain sensitive HTTP headers, including the Cookie header, to Sentry. Those headers...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete sanitization of certain SVG and MathML attributes, including xlink:href, math|href, as well as the attributeName attribute of SVG animation elements when it is bound to href or xlink:href. An...
GHSA-V4HV-RGFQ-GP49 Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
A Stored Cross-Site Scripting XSS vulnerability has been identified in the Angular Template Compiler. It occurs because the compiler's internal security schema is incomplete, allowing attackers to bypass Angular's built-in security sanitization. Specifically, the schema fails to classify certain...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
PT-2025-48755
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.41 Description A type confusion issue exists in the V8 JavaScript engine used in Google Chrome. This flaw could allow a remote attacker to potentially exploit heap corruption through a specially craft...
ROS-20251202-04
A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to reading outside the boundaries of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to impact the availability of protected information Vulnerability in the WebApp Instal...
IDI Eikon Governalia 跨站脚本漏洞
IDI Eikon Governalia is an e-government and smart city software platform from the Spanish company IDI Eikon. A cross-site scripting vulnerability exists in IDI Eikon Governalia, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...
PT-2025-48660
Name of the Vulnerable Software and Affected Versions ObjectPlanet Opinio versions 7.26 rev12562 Description A stored Cross-Site Scripting XSS issue exists in the survey-import feature of the web application. This allows an attacker to inject arbitrary JavaScript code that will execute within the...
ObjectPlanet Opinio 安全漏洞
ObjectPlanet Opinio is an online survey system from ObjectPlanet Norway. A security vulnerability exists in ObjectPlanet Opinio version 7.26 rev12562, which stems from the presence of stored cross-site scripting in the survey import function, which could allow an attacker to inject arbitrary...
PT-2025-48767
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 143.0.7499.41 Description A race condition existed in the v8 engine within Google Chrome. This could potentially allow a remote attacker to exploit heap corruption through a specially crafted HTML page. The...
PT-2025-48708
DeepSeek V3.2 has a Cross Site Scripting XSS vulnerability, which allows JavaScript execution through model-generated SVG content...
CVE-2025-63872
DeepSeek V3.2 has a Cross Site Scripting XSS vulnerability, which allows JavaScript execution through model-generated SVG content...
CVE-2025-63872
DeepSeek V3.2 is affected by an XSS vulnerability that allows JavaScript execution through model-generated SVG content. The CVE-2025-63872 entry notes a network-based vulnerability with low exploit complexity and requiring user interaction , resulting in a Medium (6.1) base score per CVSS 3.1. Mu...
PT-2025-48754
Name of the Vulnerable Software and Affected Versions Aimeos GrapesJS CMS extension versions prior to 2021.10.8 Aimeos GrapesJS CMS extension versions prior to 2022.10.8 Aimeos GrapesJS CMS extension versions prior to 2023.10.8 Aimeos GrapesJS CMS extension versions prior to 2024.10.8 Aimeos...
CVE-2025-65187
A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed...