195 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-39333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that t...
PT-2025-7291 · Phpjabbers · Phpjabbers Car Park Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Car Park Booking System version 3.0 Description: The issue concerns multiple HTML injection vulnerabilities in the name, plugin sms api key, plugin sms country code, and title parameters. This allows for potential malicious code...
CVE-2024-11831 Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by...
ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code
Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…...
CVE-2025-20204 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...
CVE-2025-20204
CVE-2025-20204 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, enabling an authenticated attacker with valid admin credentials to inject malicious script ...
Cross-Site Scripting (XSS)
Axios is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...
EmbedAI 跨站脚本漏洞
EmbedAI is a platform from EmbedAI that enables users to use their data to create AI chatbots powered by ChatGPT. EmbedAI suffers from a cross-site scripting vulnerability. An attacker exploiting this vulnerability could inject malicious JavaScript code into messages...
CVE-2025-24814
Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that 1 use the "FileSystemConfigSetService" component the default in "standalone" or "user-managed" mode, and 2 are running without authentication and authorization are vulnerable to a sort...
CVE-2025-0060
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged...
CVE-2024-50861
GestioIP v3.5.7 is affected by a Stored XSS in the ip_mod_dns_key_form.cgi flow. An attacker can inject code into the TSIG Key field, which is stored in the database and triggers XSS when the DNS Key page is viewed, enabling data exfiltration and CSRF. The Red Hat CVE entry and Exploit/packetstor...
CVE-2025-20166
CVE-2025-20166 affects Cisco Common Services Platform Collector (CSPC). The vulnerability is an authenticated, remote cross-site scripting (XSS) flaw in the CSPC web-based management interface caused by insufficient validation of user-supplied input. An attacker with at least a low-privileged acc...
PT-2025-1022 · Cisco · Cisco Common Services Platform Collector
Name of the Vulnerable Software and Affected Versions: Cisco Common Services Platform Collector CSPC affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to...
GHSA-WW33-JPPQ-QFRP phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and...
The Future of Serverless Security in 2025: From Logs to Runtime Protection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around...
PT-2024-35795 · Spip · Spip
Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: A cross-site scripting XSS vulnerability in the Article module of SPIP allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. This...
CVE-2024-32767 Photo Station
A cross-site scripting XSS vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 2024/07/12 a...
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 41, 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS
An issue was discovered in Zimbra Collaboration ZCS through 10.0. Zimbra Webmail Modern UI is vulnerable to a stored Cross-Site Scripting XSS attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the...
Cross Site Scripting(XSS)
sulu/sulu is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the improper handling of user input in the media download URL within the SuluMediaBundle component, allowing attackers to inject malicious code that can be executed in the browser of users who access the compromised...