6 matches found
Progress Flowmon Cross-Site Scripting Vulnerability
Progress Flowmon is a real-time network traffic monitoring tool developed by Progress Corporation. Versions of Progress Flowmon prior to 12.5.8 and 13.0.6 contained a cross-site scripting vulnerability. This vulnerability could lead to unexpected operations when administrators clicked on maliciou...
CVE-2025-13676
The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHP_SELF server variable. This makes it possible for unauthenticated attackers to...
CVE-2025-47700
Mattermost Server versions 10.5.x <= 10.5.9 utilizing the Agents plugin fail to reject empty request bodies which allows users to trick users into clicking malicious links via post actions...
Cross site scripting
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...
Meta Platforms Lexical Cross-Site Scripting Vulnerability
Meta Platforms Lexical is an extensible JavaScript web text editor framework from Meta Platforms, Inc. A security vulnerability exists in Meta Platforms Lexical versions prior to v0.10.0 that originates from allowing cross-site scripting attacks on link clicks while parsing input from an untruste...
Newsletter 3.7.0 - Open Redirect
The Newsletter plugin is susceptible to an Open Redirect vulnerability. This issue arises because user input is taken and trusted without validation. This user input is used when tracking link clicks, via the ‘newsletter/statistics/link.php’ script. User input is Base64 encoded, and split o...