68 matches found
CVE-2025-3386
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-3386 LinZhaoguan pb-cms Friendship Link admin#links cross site scripting
A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The...
CVE-2025-3386
CVE-2025-3386 affects LinZhaoguan pb-cms 2.0, specifically the Friendship Link Handler’s /admin#links function. The vulnerability is a cross-site scripting issue described as potentially exploitable remotely, with the exploit disclosed publicly. Multiple sources corroborate the issue, including R...
pb-cms code injection vulnerability
pb-cms waterfall content management system is a content management system developed by LinZhaoguan. A code injection vulnerability exists in pb-cms version 2.0, which is caused by cross-site scripting in Friendship Link Handler...
CVE-2025-3005
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-3005 Sayski ForestBlog Friend Link cross site scripting
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclos...
CVE-2025-3005
CVE-2025-3005 affects Sayski ForestBlog (up to 20250321) with a vulnerability in the Friend Link Handler that allows cross-site scripting (XSS). The issue is exploitable remotely over the network; the exploit has been disclosed publicly. Multiple sources (NVD, Red Hat, CVE list, VulnDB/Vuln enri...
ForestBlog security vulnerability
ForestBlog is an application. A personal blog. A security vulnerability exists in ForestBlog 20250321 and earlier versions that stems from a cross-site scripting vulnerability in the Friend Link Handler component...
CVE-2025-2700
A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2025-2700 michelson Dante Editor Insert Link cross site scripting
A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the...
CVE-2024-0650
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "alert'torada' leads to cross site scripting...
CVE-2023-7171
A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulatio...
Cross site scripting
A vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulatio...
PT-2023-32918 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions up to 4.2.0. Description: A vulnerability was found in the component Friendly Link Handler, specifically in the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java. The manipulation of an...
CVE-2023-34245 Cross site scripting (XSS) in @udecode/plate-link
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
CVE-2023-34245
The CVE-2023-34245 issue affects @udecode/plate-link, the link handler for the Plate editor (Slate/React). Affected versions allow javascript: URLs to be rendered into the DOM due to inadequate URL sanitization, enabling potential XSS through links inserted by various means. The patch in plate-li...
PT-2022-27141 · Unknown · Rathena Fluxcp
Name of the Vulnerable Software and Affected Versions: rAthena FluxCP, affected versions not specified. Description: A vulnerability was found in the Service Desk Image URL Handler component of rAthena FluxCP, affecting an unknown function of the file themes/default/servicedesk/view.php. The...
Vulnerability of the actionLinkHandler method in the server-based corporate messaging system that supports file sharing and video conferences. Chat, which allows attackers to expose sensitive information.
The vulnerability of the actionLinkHandler method in the server-based corporate messaging system that supports file and video conferencing exchanges. Chat-related vulnerabilities involve insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose...