5941 matches found
CVE-2026-23516
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...
CVE-2025-9289
CVE-2025-9289 is a Cross-Site Scripting (XSS) vulnerability in Omada Controllers caused by improper input sanitization in a parameter. Exploitation requires specific conditions (network positioning or impersonating a trusted entity) and interaction from an authenticated administrator, potentially...
CVE-2025-67683
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...
CVE-2025-67683 Reflected XSS in Quick.Cart
Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of...
CVE-2025-27380
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
CVE-2025-27380
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
CVE-2025-27380 HTML Injection Leading to Script Execution in Altium Enterprise Server
HTML injection in Project Release in Altium Enterprise Server AES 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content...
PT-2026-4284
Name of the Vulnerable Software and Affected Versions Omada Controllers affected versions not specified Description A Cross-Site Scripting XSS issue exists in a parameter within Omada Controllers because of insufficient input sanitization. Successful exploitation requires specific conditions,...
Altium Enterprise Server security vulnerabilities
Altium Enterprise Server is a localization data management server developed by Altium Corporation in the United States. Version 7.0.3 of Altium Enterprise Server contains a security vulnerability. This vulnerability stems from HTML injection in Project Release, which may allow arbitrary JavaScrip...
CVE-2026-23737
seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, improper input handling in the JSON deserialization component can lead to arbitrary JavaScript code execution. Exploitation is possible via overriding consta...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...
CVE-2026-23516
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...
CVE-2026-22792
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
CVE-2025-58090
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-58093
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-58087
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-36556
A reflected cross-site scripting xss vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-58094
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-54852
A reflected cross-site scripting xss vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...