CVE-2025-62418

Bagisto v2.3.7 contains an XSS vulnerability in TinyMCE image upload: uploading a crafted SVG with embedded JavaScript is possible by an admin or other privileged user, leading to code execution in the context of the viewer’s browser. The issue arises from SVGs being accepted without sanitization...

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-54859

Stored cross-site scripting XSS vulnerability in desknet's NEO V9.0R2.0 and earlier allow execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-55072

Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

EUVD-2025-34749

Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-52583

Reflected cross-site scripting XSS vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser...

CVE-2025-24833

CVE-2025-24833 is a stored XSS vulnerability in desknet’s NEO, affecting version range V4.0R1.0–V9.0R2.0. The issue allows execution of arbitrary JavaScript in a user’s browser via a stored payload. The connected Red Hat (RH:CVE-2025-24833) and other feeds confirm the same description. No exploit...

EUVD-2025-34750

Stored cross-site scripting XSS vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...

NEOJAPAN desknets Web Server 跨站脚本漏洞

NEOJAPAN desknets Web Server is a back-end service for a large network group collaboration software from NEOJAPAN Japan. A cross-site scripting vulnerability exists in NEOJAPAN desknets Web Server, which stems from susceptibility to reflective cross-site scripting attacks that could lead to the...

NEOJAPAN desknets NEO 跨站脚本漏洞

NEOJAPAN desknets NEO is a large network group collaboration software from NEOJAPAN Japan. A cross-site scripting vulnerability exists in NEOJAPAN desknets NEO versions V2.0R1.0 through V9.0R2.0 that originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScri...

Desknets Neo 跨站脚本漏洞

Desknets Neo is a remote office support software from Desknets Japan. A cross-site scripting vulnerability exists in Desknets Neo V9.0R2.0 and earlier versions, which originates from stored cross-site scripting and could lead to the execution of arbitrary JavaScript...

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

EUVD-2025-34656

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

A stored cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59269

CVE-2025-59269 is a stored cross-site scripting (XSS) vulnerability in BIG-IP Configuration utility. It affects BIG-IP (all modules) and stems from insufficient input handling on an undisclosed page, allowing an attacker to store and execute JavaScript in the context of the currently logged-in us...

CVE-2025-10869

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 Corporation. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of stored cross-site scripting o...

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP is an application delivery platform that integrates network traffic management, application security management, load balancing, and other features from F5 USA. A cross-site scripting vulnerability exists in F5 BIG-IP that stems from the presence of reflective cross-site scripting on an...

EUVD-2025-34249

Home Assistant has Stored XSS vulnerability in Energy dashboard from Energy Entity Name...