
5956 matches found

Cvelist
added 2025/10/01 12:0 a.m. | 51 views

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

EPSS: 0.00489
Exploits: 1 | References: 3
Positive Technologies
added 2025/10/01 12:0 a.m. | 9 views

PT-2025-40270

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.4; Splunk Enterprise versions prior to 9.3.6; Splunk Enterprise versions prior to 9.2.8; Splunk Cloud Platform versions prior to 9.3.2411.109; Splunk Cloud Platform versions prior to 9.3.2408.119; Splunk Clou...

CVSS: 5.7 | AI score: 6.8 | EPSS: 0.00327
Exploits: 0 | References: 5
Vulnrichment
added 2025/09/30 10:4 a.m. | 1 view

CVE-2025-8116 Reflected XSS in PAD CMS

PAD CMS is vulnerable to Reflected XSS in printing and save to PDF functionality. Malicious attacker can craft special URL, which will result in arbitrary JavaScript execution in victim's browser, when opened. This issue affects all 3 templates: www, bip and www+bip. This product is End-Of-Life a...

CVSS: 5.1 | AI score: 6.2 | EPSS: 0.00231
Exploits: 0 | References: 1
VulnCheck KEV
added 2025/09/30 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2025-27915

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.04241
In wild | Exploits: 1 | References: 6
Positive Technologies
added 2025/09/30 12:0 a.m. | 4 views

PT-2025-39965

Name of the Vulnerable Software and Affected Versions: PAD CMS affected versions not specified. Description: PAD CMS is susceptible to Reflected Cross-Site Scripting (XSS) in the printing and save to PDF features. An attacker can create a specially crafted URL that, when opened by a user, leads to the...

CVSS: 10 | AI score: 5.9 | EPSS: 0.00583
Exploits: 0 | References: 4
NVD
added 2025/09/29 8:15 p.m. | 4 views

CVE-2025-35034

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...

CVSS: 6.1 | EPSS: 0.0024
Exploits: 0 | References: 2
OSV
added 2025/09/29 8:15 p.m. | 3 views

CVE-2025-35034

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...

CVSS: 6.1 | AI score: 5.5 | EPSS: 0.0024
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/29 8:1 p.m. | 3 views

CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...

CVSS: 5.1 | AI score: 6.4 | EPSS: 0.0024
Exploits: 0 | References: 2
NVD
added 2025/09/29 7:15 p.m. | 6 views

CVE-2025-57877

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS: 4.8 | EPSS: 0.00209
Exploits: 0 | References: 1
OSV
added 2025/09/29 7:15 p.m. | 3 views

CVE-2025-57873

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00209
Exploits: 0 | References: 1
OSV
added 2025/09/29 7:15 p.m. | 3 views

CVE-2025-57877

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00209
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/29 6:39 p.m. | 8 views

CVE-2025-57871 BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1)

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS: 4.8 | AI score: 6.2 | EPSS: 0.00209
Exploits: 0 | References: 1
CVE
added 2025/09/29 6:37 p.m. | 16 views

CVE-2025-57873

A reflected cross-site scripting vulnerability affects Esri Portal for ArcGIS 11.4 and earlier. An authenticated administrator can supply a crafted string to trigger arbitrary JavaScript execution in the user’s browser. Root cause appears to be reflected XSS via input echoed in the page. Impact p...

CVSS: 4.8 | AI score: 6.2 | EPSS: 0.00209
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2025/09/29 6:37 p.m. | 3 views

CVE-2025-57873 BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS.

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS: 4.8 | AI score: 6.2 | EPSS: 0.00209
Exploits: 0 | References: 1
CVE
added 2025/09/29 6:35 p.m. | 12 views

CVE-2025-57875

CVE-2025-57875 affects Esri Portal for ArcGIS

CVSS: 4.8 | AI score: 6.2 | EPSS: 0.00209
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/29 6:35 p.m. | 14 views

CVE-2025-57875 BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS.

There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser...

CVSS: 4.8 | EPSS: 0.00209
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/29 12:0 a.m. | 4 views

PT-2025-39862

Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.4 and below. Description: A reflected cross site scripting issue exists that could allow a remote authenticated attacker with administrative access to execute arbitrary JavaScript code in the browser by supplyi...

CVSS: 4.8 | AI score: 6.3 | EPSS: 0.00209
Exploits: 0 | References: 3
OSV
added 2025/09/26 9:30 p.m. | 2 views

GHSA-456V-F425-8MCV PiranhaCMS stored XSS

PiranhaCMS 12.0 allows stored XSS in the Text content block of Standard and Standard Archive Pages via /manager/pages, enabling execution of arbitrary JavaScript in another user's browser...

CVSS: 6.8 | AI score: 6.5 | EPSS: 0.003
Exploits: 3 | References: 4
Github Security Blog
added 2025/09/24 8:11 p.m. | 5 views

Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

Summary: The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details: The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.00282
Exploits: 1 | References: 6 | Affected Software: 1
OSV
added 2025/09/24 8:11 p.m. | 1 view

GHSA-4J5H-MVJ3-M48V Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

Summary: The EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. Details: The attributes of an iframe are populated with the value of an unreserved data attribute data-iframeconfig that can be set via wikitext:...

CVSS: 8.6 | AI score: 6.6 | EPSS: 0.00282
Exploits: 1 | References: 6