Remote Code Execution

Flowise is vulnerable toRemote Code Execution. The vulnerability is due to unsafe evaluation of user-supplied configuration in the convertToValidJSONString function executing the mcpServerConfig input as JavaScript, An attackers can use this to execute arbitrary Node.js code to run commands or...

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23565)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23553)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23549)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23539)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23546)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the...

CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

CVE-2025-60880

An authenticated stored XSS vulnerability exists in the Bagisto 2.3.6 admin panel's product creation path, allowing an attacker to upload a crafted SVG file containing malicious JavaScript code. This vulnerability can be exploited by an authenticated admin user to execute arbitrary JavaScript in...

CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

CVE-2025-11189 CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

CVE-2025-11189 CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

CVE-2025-61788

Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 17.8 and 18.2, the paella would include and render some user inputs metadata like title, description, etc. unfiltered and unmodified. The vulnerability allows attackers to...

Kiwire Captive Portal 安全漏洞

Kiwire Captive Portal is a login authentication page from Kiwire Malaysia. A security vulnerability exists in Kiwire Captive Portal, which stems from the presence of reflective cross-site scripting in the login-url parameter, which could lead to the execution of Javascript code...

CVE-2025-60880

Bagisto 2.3.6 admin panel product creation path is affected by an authenticated stored XSS via a crafted SVG file containing JavaScript. Exploitation requires an authenticated admin and can lead to in-browser arbitrary JS execution, with potential session hijacking or data theft. Affected compone...

CVE-2025-61319

ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...

PT-2025-41564

Name of the Vulnerable Software and Affected Versions ReNgine versions through 2.2.0 Description ReNgine through version 2.2.0 contains a Stored Cross-Site Scripting XSS issue within the Vulnerabilities module. When a target is scanned using an XSS payload, the payload is rendered without proper...