2165 matches found
CVE-2025-27800 Stored Cross-Site Scripting in Episerver Content Management System (CMS) Admin Dashboard
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the functionality to add gadgets to...
CVE-2025-27800
CVE-2025-27800 corresponds to multiple stored XSS flaws in Optimizely Episerver CMS (EPiServer.CMS.Core/UI) affecting 11.x (<11.21.4 core and <11.37.5 UI) and 12.x (<12.22.1 core and
Optimizely Episerver Content Management System Security Vulnerability
Optimizely Episerver Content Management System is an enterprise-class content management system from Optimizely, Inc. A security vulnerability exists in the Optimizely Episerver Content Management System that stems from stored cross-site scripting that allows an authenticated attacker to execute...
CVE-2025-45892
OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly sanitized or escaped before being rendered. This allows attackers to inject malicious JavaScript code...
CVE-2025-46993
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is an enterprise-grade content management solution from Adobe designed to help companies efficiently build, manage and deliver multi-channel digital content and personalized experiences. A cross-site scripting vulnerability exists in Adobe Experience Manager, which can be...
CVE-2025-46993 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager is an application developed by Adobe for creating, organizing and publishing digital content. It helps organizations manage their websites, mobile applications and other digital experiences more easily through an integrated interface. Users can utilize different tools and...
CVE-2025-47053
Adobe Experience Manager versions 6.5.22 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. A low privileged attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation ...
CVE-2025-4779
lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the v1/runs/ingest endpoint by adding an empty citations field, triggering a code path where dangerouslySetInnerHTML is used to render...
CVE-2025-49542
The CVE-2025-49542 issue is a reflected Cross-Site Scripting (XSS) vulnerability in Adobe ColdFusion affecting versions 2025.2, 2023.14, 2021.20 and earlier. An unauthenticated attacker can lure a user to a URL referencing a vulnerable page, causing malicious JavaScript to run in the victim’s bro...
CVE-2025-49542 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of...
CVE-2025-50367
CVE-2025-50367 corresponds to a stored blind XSS vulnerability in the Contact Page of Phpgurukul Medical Card Generation System 1.0 (mcgs/contact.php). The root cause is improper sanitization/cleanup of the name field, enabling JavaScript injection. Public sources (NVD, Red Hat, CNVD, CNVD, PT-Se...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Add is vulnerable to cross-site scripting (XSS) due to the current value field rendering user-supplied HTML. An authenticated attacker can leverage this to add malicious JavaScript to any banner field. Once a victim edits a...