PT-2025-25041 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

PT-2025-24993 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: The issue is a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. When ...

PT-2025-25150 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

PT-2025-25051 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

PT-2025-25074 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

PT-2025-31934 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: Adobe Experience Manager versions 6.5.22 and earlier are susceptible to a stored Cross-Site Scripting XSS issue. A low-privileged attacker can exploit this to inject malicious...

PT-2025-25126 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting XSS issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...

PT-2025-24485 · Unknown · Lambertgroup Sticky Radio Player

Name of the Vulnerable Software and Affected Versions: LambertGroup Sticky Radio Player versions n/a through 3.4 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...

PT-2025-24508 · Click5 · Click5 History Log

Name of the Vulnerable Software and Affected Versions: History Log by click5 versions 1.0.0 through 1.0.13 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

PT-2025-24165 · Unknown · Debashish Iframe Widget

Name of the Vulnerable Software and Affected Versions: Debashish IFrame Widget versions n/a through 4.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

CVE-2025-30359

webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access a malicious web site. Because the request for classic script by a script tag is not subject to same...

PT-2025-23304 · Unknown +1 · Collaborative Industry Innovator +1

Name of the Vulnerable Software and Affected Versions: Collaborative Industry Innovator versions R2022x through R2025x Description: A stored Cross-site Scripting XSS vulnerability in 3D Markup allows an attacker to execute arbitrary script code in a user's browser session. This issue affects the...

PT-2025-23305 · Unknown · Service Process Engineer

Name of the Vulnerable Software and Affected Versions: Service Process Engineer versions 3DEXPERIENCE R2024x through 3DEXPERIENCE R2025x Description: A stored Cross-site Scripting XSS issue affects Service Items Management in Service Process Engineer, allowing an attacker to execute arbitrary...

Cross-site Scripting (XSS)

chrome-php/chrome is vulnerable to cross-site scripting XSS. The vulnerability is due to improper encoding due to CSS Selector expressions not being properly escaped, allowing injection of malicious scripts...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper filtering of repository URLs in the UI. An attacker can execute unauthorized API actions via the victim's session by injecting malicious JavaScript through crafted links. Details Cross-site...

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to improper validation or sanitization of specially crafted URLs, allowing malicious scripts to be injected and executed through certain module actions...

Cross-Site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to uploaded SVG files containing scripts that, when rendered inline. It allows an attacker to execute malicious scripts in the context of the user’s browser...

CVE-2025-40652 Cross-Site Scripting (XSS) in CoverManager

Stored Cross-Site Scripting XSS vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the server. The malicious scripts are executed in the browser of any user visiting the affected page withou...

PT-2025-22894 · Unknown · Covermanager

Name of the Vulnerable Software and Affected Versions: CoverManager affected versions not specified Description: The issue is a Stored Cross-Site Scripting XSS vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are...

CVE-2025-23037

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the control.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...