3249 matches found

OSV
added 2025/05/13 9:16 p.m. · 3 views

CVE-2025-30315

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...

CVSS 6.1 · AI score 5.8
Exploits: 0 · References: 1

NVD
added 2025/05/13 9:16 p.m. · 7 views

CVE-2025-30314

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...

CVSS 6.1 · EPSS 0.00299
Exploits: 0 · References: 1

NVD
added 2025/05/13 9:16 p.m. · 11 views

CVE-2025-30316

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...

CVSS 5.4 · EPSS 0.00227
Exploits: 0 · References: 1

Cvelist
added 2025/05/13 8:32 p.m. · 8 views

CVE-2025-30316 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the pag...

CVSS 5.4 · EPSS 0.00227
Exploits: 0 · References: 1

CVE
added 2025/05/13 8:32 p.m. · 47 views

CVE-2025-30314

CVE-2025-30314 (Adobe Connect) affects Adobe Connect versions 12.8 and earlier due to a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The underlying issue allows an attacker to inject malicious scripts, which may execute in a victim’s browser when they load the page c...

CVSS 6.1 · AI score 5.8 · EPSS 0.00299
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2025/05/13 4:13 a.m. · 10 views

Cross-Site Scripting (XSS)

mezzanine is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the "View Entries" feature within the Forms module, which allows an attacker to inject malicious scripts that execute in the context of another user's session...

CVSS 6.1 · AI score 6.2 · EPSS 0.00242
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2025/05/13 12:00 a.m. · 2 views

PT-2025-21046 · Adobe · Connect

Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.8 and earlier
Description: The issue is a reflected Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. When a victim accesses the pa...

CVSS 9.4 · AI score 5.5 · EPSS 0.00404
Exploits: 0 · References: 7

Positive Technologies
added 2025/05/13 12:00 a.m. · 6 views

PT-2025-21043 · Adobe · Connect

Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.8 and earlier
Description: A stored Cross-Site Scripting (XSS) issue affects Adobe Connect, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses to the page...

CVSS 5.5 · AI score 5.4 · EPSS 0.00227
Exploits: 0 · References: 7

Veracode
added 2025/05/07 4:36 a.m. · 21 views

Cross-Site Scripting (XSS)

yeswiki/yeswiki is vulnerable to reflected cross-site scripting. The vulnerability is due to insufficient sanitization of user-supplied input in URL parameters, which allows malicious scripts to be injected and executed in the context of a user's browser...

CVSS 6.1 · AI score 6.2 · EPSS 0.00498
Exploits: 1 · References: 4 · Affected Software: 1

Positive Technologies
added 2025/05/07 12:00 a.m. · 2 views

PT-2025-20122 · Unknown · Themepoints Logo Showcase

Name of the Vulnerable Software and Affected Versions: themepoints Logo Showcase versions 3.0.4 and earlier
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means that an attacker...

CVSS 7.5 · AI score 6.8 · EPSS 0.00559
Exploits: 1 · References: 12

Github Security Blog
added 2025/05/06 6:51 p.m. · 10 views

HAL Cross Site Scripting (XSS) vulnerability of user input when storing it in a data store

A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scrip...

AI score 5.7
Exploits: 0 · References: 7 · Affected Software: 1

NVD
added 2025/04/30 3:16 p.m. · 24 views

CVE-2025-32974

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVSS 9 · EPSS 0.00286
Exploits: 0 · References: 3

Vulnrichment
added 2025/04/30 2:55 p.m. · 14 views

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVSS 9 · AI score 6.9 · EPSS 0.00286
Exploits: 0 · References: 3

CVE
added 2025/04/30 2:55 p.m. · 93 views

CVE-2025-32974

Summary of CVE-2025-32974 (XWiki platform): The issue arises in XWiki versions 15.9-rc-1 to 15.10.7, and 16.0.0-rc-1 to 16.1.x, where the required rights analysis does not consider TextAreas with the default content type. When editing a page, a malicious script could be injected and executed afte...

CVSS 9 · AI score 9.2 · EPSS 0.00286
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2025/04/30 2:55 p.m. · 13 views

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

CVSS 9 · AI score 6.5 · EPSS 0.00286
Exploits: 0 · References: 5

Github Security Blog
added 2025/04/29 2:05 p.m. · 16 views

org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

Impact: When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed afte...

CVSS 9 · AI score 6.9 · EPSS 0.00286
Exploits: 0 · References: 5 · Affected Software: 1

Vulnrichment
added 2025/04/25 6:45 a.m. · 3 views

CVE-2025-3866 Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Add Google +1 (Plus one) social share Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the google-plus-one-share-button page. This makes it possible for unauthenticated...

CVSS 6.1 · AI score 6.7 · EPSS 0.0025
Exploits: 0 · References: 3

CVE
added 2025/04/25 6:45 a.m. · 62 views

CVE-2025-3867

CVE-2025-3867 (Ajax Comment Form CST for WordPress) is a CSRF to Stored XSS vulnerability in all versions up to 1.2, caused by missing/incorrect nonce validation on the acform_cst_settings page. Unauthenticated attackers could induce a site admin to perform actions that update settings and inject...

CVSS 6.1 · AI score 6 · EPSS 0.0021
Exploits: 0 · References: 2

Veracode
added 2025/04/22 2:25 p.m. · 7 views

Cross-Site Scripting (XSS)

@sveltejs/kit is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization of search parameter names when iterating over event.url.searchParams in server load functions, allowing attackers to inject malicious scripts via crafted URLs...

CVSS 5.4 · AI score 6 · EPSS 0.00251
Exploits: 1 · References: 4 · Affected Software: 1

NVD
added 2025/04/22 3:15 a.m. · 19 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

CVSS 7.8 · EPSS 0.0093
Exploits: 2 · References: 2