2165 matches found
CVE-2025-27388
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...
CVE-2025-27388 Arbitrary URL Loading in WebView Leading to Token Leakage Risk
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens...
CVE-2025-27388
CVE-2025-27388 describes an issue where loading arbitrary external URLs through WebView components can inject malicious JavaScript to steal user tokens. The initial entry notes high impact (CVSS 4.0 base score 8.3) with NETWORK attack vector and high confidentiality impact. Connected documents co...
PT-2025-33131 · Webview · Webview
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-27388 Description: Loading arbitrary external URLs through WebView components introduces malicious JavaScript (JS) code that can steal arbitrary user tokens. Recommendations: At the moment, there is no information about a...
OPPO HEALTH APP Security Vulnerability
OPPO HEALTH APP is a health mobile app from China's OPPO. A security vulnerability exists in OPPO HEALTH APP: loading an arbitrary external URL through the WebView component introduces malicious JS code, which may steal user tokens...
CVE-2025-32430
CVE-2025-32430 – XWiki Platform Reflected XSS. Affected: XWiki Platform versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5, and 17.0.0-rc-1 through 17.2.2. Issue: two templates contain reflected XSS allowing attacker-controlled URLs to execute JavaScript in the victim’s session...
CVE-2025-51541
A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The cdatabaseschema field fails to properly sanitize user-supplied input before rendering it in the browser, allowing an attacker to inject malicious...
CVE-2025-46958 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-52203
A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...
PT-2025-31555 · Unknown · Devaslanphp Project-Management
Name of the Vulnerable Software and Affected Versions: DevaslanPHP project-management version 1.2.4 Description: A stored cross-site scripting (XSS) issue exists in DevaslanPHP project-management version 1.2.4. The vulnerability is located in the Ticket Name field, which does not properly sanitize...
CVE-2025-27802
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties text fields, which could be used in the "Edit"...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-18564)
Adobe Experience Manager is an application developed by Adobe for creating, organizing and publishing digital content. It helps organizations manage their websites, mobile applications and other digital experiences more easily through an integrated interface. Users can utilize different tools and...
CVE-2025-27801
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...
CVE-2025-27802 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Edit Preview
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties text fields, which could be used in the "Edit"...
CVE-2025-27802
CVE-2025-27802: Stored XSS in Optimizely Episerver CMS (EPiServer.CMS.Core/UI) via Rich Text Editor fields in the Edit/Preview flow. An authenticated user with WebEditor role could inject JavaScript that runs when a page is previewed. Affected: Episerver CMS 11.x (<11.21.4 core with UI <11....
CVE-2025-27801 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Media Selection Preview
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which could be used in the "Edit"...