2163 matches found
CVE-2025-64619
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64575
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64822 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64789
Adobe Experience Manager (AEM) versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low privileged attacker can inject malicious scripts, which may be executed in a victim’s browser when visiting the page containing the field. ...
CVE-2025-64581 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
PT-2025-50404
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-66561
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66563
Monkeytype (versions prior to 25.49.0) is affected by a stored XSS due to improper handling of user input in quote.text and quote.source, which are inserted into the DOM and rendered if HTML tags are present. The vulnerability can allow an attacker to execute JavaScript for users viewing a malici...
CVE-2025-66563 Monkeytype vulnerable to stored XSS in approve quotes page
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted...
CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66561 SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS)
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting XSS vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This...
CVE-2025-66561
CVE-2025-66561 affects SysReptor (Syslifters) prior to version 2025.102, exposing an authenticated Stored Cross-Site Scripting (XSS) vulnerability. An attacker can upload malicious JavaScript in the web UI, and execute it in the context of other logged-in users. The issue is fixed in 2025.102. Ex...
CVE-2023-53735 WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...
CVE-2023-53735 WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...
Seafile Community Edition 安全漏洞
Seafile Community Edition is a document collaboration platform from China's Haiwen Huzhi Seafile Company. A security vulnerability exists in Seafile Community Edition versions prior to 13.0.12, which stems from a stored cross-site scripting attack that could lead to malicious JavaScript execution...
Monkeytype 跨站脚本漏洞
Monkeytype is a minimalist and customizable typing test open-sourced by Monkeytype. A cross-site scripting vulnerability exists in Monkeytype version 25.49.0 and earlier, which stems from mishandling of user input and could lead to the execution of malicious JavaScript when viewing maliciously...
PT-2025-49172
Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2025.102 Description A Stored Cross-Site Scripting XSS issue exists in SysReptor, a customizable pentest reporting platform. Authenticated users can execute malicious JavaScript code within the context of other...
PT-2025-49130
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks...
PT-2025-49098
A stored cross-site scripting XSS vulnerability was discovered in Seafile Community Edition prior to version 13.0.12. When Seafile is configured with the Golang file server, an attacker can upload a crafted SVG file containing malicious JavaScript and share it using a public link. Opening the lin...
IDI Eikon Governalia 跨站脚本漏洞
IDI Eikon Governalia is an e-government and smart city software platform from the Spanish company IDI Eikon. A cross-site scripting vulnerability exists in IDI Eikon Governalia, which stems from reflective cross-site scripting and could lead to the execution of malicious JavaScript code...