
2167 matches found

CNNVD
added 2025/04/22 12:0 a.m. · 2 views

Jmix Cross-Site Scripting Vulnerability

Jmix is a set of libraries and tools from Jmix, Inc. for accelerating Spring Boot data-centric application development. A cross-site scripting vulnerability exists in Jmix versions 1.0.0 through 1.6.1 and 2.0.0 through 2.3.4, which stems from improperly manipulated file paths and could lead to...

CVSS 6.4 · AI score 6 · EPSS 0.00526
Exploits 0 · References 4
Exploit DB
added 2025/04/22 12:0 a.m. · 299 views

WonderCMS 3.4.2 - Remote Code Execution (RCE)

Exploit Title: WonderCMS 3.4.2 - Remote Code Execution RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2023-41425 import requests import...

CVSS 6.1 · AI score 7.4 · EPSS 0.91079
Exploits 16
Cvelist
added 2025/04/17 12:53 p.m. · 20 views

CVE-2025-3760

A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVSS 4.8 · EPSS 0.00157
Exploits 0 · References 1
Vulnrichment
added 2025/04/08 8:3 p.m. · 7 views

CVE-2025-30292 ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's...

CVSS 6.1 · AI score 5.9 · EPSS 0.01574
Exploits 0 · References 1
Cvelist
added 2025/04/08 7:10 a.m. · 13 views

CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...

CVSS 4.7 · EPSS 0.00217
Exploits 0 · References 2
Positive Technologies
added 2025/04/08 12:0 a.m. · 1 views

PT-2025-15661 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.0 and earlier; ColdFusion versions 2023.12; ColdFusion versions 2021.18. Description: The issue is a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker convinces a victim to visit a URL referencing a...

CVSS 6.4 · AI score 5.4 · EPSS 0.01574
Exploits 0 · References 7
NVD
added 2025/04/04 1:15 p.m. · 4 views

CVE-2025-3189

Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of a stored XSS through the upload of a profile picture in SVG format with malicious JavaScript code in it...

CVSS 4.8 · EPSS 0.00278
Exploits 0 · References 1
Cvelist
added 2025/04/04 12:44 p.m. · 8 views

CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP

Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of a stored XSS through the upload of a profile picture in SVG format with malicious JavaScript code in it...

CVSS 4.8 · EPSS 0.00278
Exploits 0 · References 1
OSV
added 2025/03/26 6:31 a.m. · 5 views

GHSA-V2RR-FHV8-MX74 wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting

The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS attacks...

CVSS 4.8 · AI score 5.8 · EPSS 0.00083
Exploits 1 · References 3
NVD
added 2025/03/26 6:15 a.m. · 9 views

CVE-2024-11847

The wp-svg-upload WordPress plugin through 1.0.0 does not sanitize SVG file contents, which enables users with at least the author role to upload SVG with malicious JavaScript to conduct Stored XSS attacks...

CVSS 4.8 · EPSS 0.00083
Exploits 1 · References 1
Snyk
added 2025/03/24 9:34 a.m. · 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.bower:ContentTools is a JS library for building WYSIWYG editors for HTML content. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the onload attribute in img that allows attackers to inject malicious JavaScript code. Details: Cross-site...

CVSS 5.4 · AI score 5.4 · EPSS 0.00101
Exploits 1 · References 2
Vulnrichment
added 2025/03/21 11:50 a.m. · 11 views

CVE-2025-2597 Reflected Cross-Site Scripting (XSS) vulnerability in ITIUM 6050

Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious JavaScript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code into the ‘idsession...

CVSS 5.1 · AI score 5.9 · EPSS 0.00111
Exploits 0 · References 1
CVE
added 2025/03/21 11:50 a.m. · 50 views

CVE-2025-2597

CVE-2025-2597 describes a reflected Cross-Site Scripting (XSS) vulnerability in Impact Technologies ITIUM 6050 (version 5.5.5.2-b3526). According to the sources, an attacker could execute arbitrary JavaScript by crafting GET/POST requests to the endpoint /index.php and injecting code via the par...

CVSS 6.1 · AI score 6 · EPSS 0.00111
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/03/21 12:0 a.m. · 2 views

Impact Technologies ITIUM 6050 Cross-Site Scripting Vulnerability

The Impact Technologies ITIUM 6050 is a versatile thin client from Impact Technologies, Inc. that meets the needs of organizations that use multimedia and video solutions on a daily basis and are looking for robust functionality and image quality, such as videoconferencing, video surveillance,...

CVSS 6.1 · AI score 6.6 · EPSS 0.00111
Exploits 0 · References 1
Vulnrichment
added 2025/03/20 10:10 a.m. · 5 views

CVE-2024-0640 Stored XSS in chatwoot/chatwoot

A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...

CVSS 5.6 · AI score 5.1 · EPSS 0.00077
Exploits 1 · References 2
Cvelist
added 2025/03/20 10:10 a.m. · 6 views

CVE-2024-6986 Cross-site Scripting (XSS) in parisneo/lollms-webui

A Cross-site Scripting (XSS) vulnerability exists in the Settings page of parisneo/lollms-webui version 9.8. The vulnerability is due to the improper use of the 'v-html' directive, which inserts the content of the 'fulltemplate' variable directly as HTML. This allows an attacker to execute maliciou...

CVSS 5.5 · EPSS 0.00156
Exploits 1 · References 1
CNNVD
added 2025/03/20 12:0 a.m. · 4 views

Chatwoot Cross-Site Scripting Vulnerability

Chatwoot is an open source customer engagement suite, an open source alternative to Intercom, Zendesk, Salesforce Service Cloud, and more. A cross-site scripting vulnerability exists in Chatwoot versions 3.0.0 through 3.5.1. An attacker can exploit this vulnerability to injec...

CVSS 5.6 · AI score 5.4 · EPSS 0.00077
Exploits 1 · References 2
Vulnrichment
added 2025/03/19 4:9 p.m. · 6 views

CVE-2024-53970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 · AI score 5 · EPSS 0.00308
Exploits 0 · References 1
NVD
added 2025/03/17 3:15 p.m. · 6 views

CVE-2025-25612

FS Inc S3150-8T2F prior to version S3150-8T2F2.2.0D135103 is vulnerable to Cross Site Scripting (XSS) in the Time Range Configuration functionality of the administration interface. An attacker can inject malicious JavaScript into the "Time Range Name" field, which is improperly sanitized. When this...

CVSS 7.1 · EPSS 0.00504
Exploits 0 · References 2
CVE
added 2025/03/17 12:0 a.m. · 53 views

CVE-2025-25612

CVE-2025-25612 affects FS Inc S3150-8T2F: Cross-Site Scripting in the Time Range Configuration of the administration interface. The vulnerability stems from improper sanitization in the Time Range Name field, allowing an attacker to inject JavaScript that executes in any user's browser (including admins) w...

CVSS 7.1 · AI score 6.2 · EPSS 0.00504
Exploits 0 · References 2