3242 matches found

NVD
added 2026/02/09 4:15 a.m., 3 views

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVSS: 9.6, EPSS: 0.00058
Exploits: 0, References: 1

OSV
added 2026/02/09 4:15 a.m., 1 view

CVE-2025-66601

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00041
Exploits: 0, References: 1

Positive Technologies
added 2026/02/09 12:00 a.m., 6 views

PT-2026-7049

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not specify MIME types. When an attacker performs a content sniffing attack, malicious scripts could be executed. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVR...

CVSS: 6.3, AI score: 5.3, EPSS: 0.00041
Exploits: 0, References: 2

CNNVD
added 2026/02/09 12:00 a.m., 3 views

Yokogawa FAST/TOOLS security vulnerability

Yokogawa FAST/TOOLS is a real-time operation management and visualization software developed by Yokogawa Electric Corporation. There are security vulnerabilities in the versions of Yokogawa FAST/TOOLS from R9.01 to R10.04. These vulnerabilities stem from the lack of specifying MIME types, which m...

CVSS: 6.3, AI score: 5.9, EPSS: 0.00041
Exploits: 0, References: 1

NVD
added 2026/02/05 5:16 p.m., 5 views

CVE-2020-37125

Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by sending crafted POST requests with command injection payloads to download a...

CVSS: 9.8, EPSS: 0.00584
Exploits: 1, References: 3

NVD
added 2026/02/03 10:16 p.m., 5 views

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'commentauthor' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through the comment submission form to execute arbitrary code in victim browsers...

CVSS: 7.2, EPSS: 0.0005
Exploits: 1, References: 3

Snyk
added 2026/02/03 8:37 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the SVG file upload process. An attacker can execute arbitrary scripts in the context of a user's browser session by uploading a specially crafted SVG file. Details: Cross-site scripting or XSS is a code...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00019
Exploits: 1, References: 3

Vulnrichment
added 2026/01/30 10:07 p.m., 3 views

CVE-2020-37023 Koken CMS 0.22.24 - Arbitrary File Upload

Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with system command execution capabilities by manipulating the file upload request through a web proxy a...

CVSS: 8.8, AI score: 5.7, EPSS: 0.00185
Exploits: 0, References: 5

EUVD
added 2026/01/30 4:16 p.m., 3 views

EUVD-2020-30961

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVSS: 6.4, AI score: 6, EPSS: 0.00059
Exploits: 0, References: 5

CNNVD
added 2026/01/30 12:00 a.m., 2 views

Koken CMS code-related vulnerabilities

Koken CMS is a content management system developed by Todd Dominey. Version 0.22.24 of Koken CMS has code vulnerabilities; these vulnerabilities stem from an extension name limitation in the file upload function, which may allow the upload of malicious PHP files and the execution of system comman...

CVSS: 8.8, AI score: 6, EPSS: 0.00185
Exploits: 0, References: 5

NVD
added 2026/01/23 5:15 p.m., 8 views

CVE-2018-25132

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

CVSS: 6.1, EPSS: 0.00044
Exploits: 1, References: 3

CVE
added 2026/01/23 4:47 p.m., 9 views

CVE-2021-47906

CVE-2021-47906 affects BloofoxCMS 0.5.2.1, with a stored cross-site scripting (XSS) vulnerability in the articles text parameter. The root cause is unfiltered user input in the text field, allowing authenticated attackers to inject JavaScript payloads that can execute in other users’ browsers and...

CVSS: 6.4, AI score: 5.2, EPSS: 0.00055
Exploits: 0, References: 4

Positive Technologies
added 2026/01/23 12:00 a.m., 5 views

PT-2026-4508

Name of the Vulnerable Software and Affected Versions: PEEL Shopping version 9.3.0. Description: PEEL Shopping 9.3.0 has a stored cross-site scripting issue in the 'Comments / Special Instructions' parameter of the purchase page. An attacker can inject malicious JavaScript payloads that execute when...

CVSS: 7.2, AI score: 5, EPSS: 0.00072
Exploits: 0, References: 5

CVE
added 2026/01/21 5:27 p.m., 7 views

CVE-2021-47851

Mini Mouse 9.2.0 is affected by a remote code execution vulnerability exposed via an unauthenticated HTTP endpoint. The issue allows an attacker to download and execute payloads by sending crafted JSON to /op=command, resulting in arbitrary command execution with network access and high confident...

CVSS: 9.8, AI score: 6.8, EPSS: 0.00903
Exploits: 1, References: 3, Affected Software: 1

RedhatCVE
added 2026/01/21 9:25 a.m., 4 views

CVE-2025-41084

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1, AI score: 5.5, EPSS: 0.0009
Exploits: 0, References: 1

Vulnrichment
added 2026/01/20 9:14 a.m., 3 views

CVE-2025-41084 Stored Cross-Site Scripting (XSS) in Sesame web application

Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request using the 'logo' parameter in '/api/v3/companies//logo', which are...

CVSS: 5.1, AI score: 5.5, EPSS: 0.0009
Exploits: 0, References: 1

Veracode
added 2026/01/16 6:38 p.m., 6 views

Cross-site Scripting (XSS)

Vaadin Framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to action captions accepting unsanitized HTML content by default, which allows an attacker to inject and execute malicious scripts when user-controlled input is rendered in UI components...

CVSS: 4.8, AI score: 5.6, EPSS: 0.00014
Exploits: 0, References: 3, Affected Software: 3

Positive Technologies
added 2026/01/13 12:00 a.m., 3 views

PT-2026-2422

Name of the Vulnerable Software and Affected Versions: Jetpack version 11.4. Description: The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the post id parameter. By crafting malicious URLs with script payloads, an...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00067
Exploits: 1, References: 7

RedhatCVE
added 2026/01/09 12:31 p.m., 9 views

CVE-2023-4821

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00109
Exploits: 2, References: 1

RedhatCVE
added 2026/01/09 9:33 a.m., 5 views

CVE-2024-39307

Kavita is a cross platform reading server. Opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Kavita doesn't sanitize or sandbox the contents of epubs, allowing scripts inside ebooks to execute. This vulnerability was patched in version 0.8.1...

CVSS: 3.5, AI score: 7.3, EPSS: 0.00089
Exploits: 0, References: 1