PT-2025-17538 · Tecnick · Tcexam
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue involves Multiple XSS CWE-79, which is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized acce...
CVE-2025-3840
An improper neutralization of input vulnerability was identified in the End of Life EOL OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An...
CVE-2025-3840 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
An improper neutralization of input vulnerability was identified in the End of Life EOL OVA based connect installer component which is deployed for installation purposes in a customer network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. An...
CVE-2025-3840
CVE-2025-3840 describes an XSS in the End of Life OVA Connect Installer component (Saviynt EOL OVA). The vulnerability stems from improper neutralization of input in the login form’s action parameter, enabling injected scripts under certain conditions. The component is deprecated since Sep 2023 w...
CVE-2025-0632
Local File Inclusion LFI vulnerability in a Render function of Formulatrix Rock Maker Web RMW allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...
CVE-2025-0632 Local File Inclusion (LFI) leading to sensitive data exposure
Local File Inclusion LFI vulnerability in a Render function of Formulatrix Rock Maker Web RMW allows a remote attacker to obtain sensitive data via arbitrary code execution. A malicious actor could execute malicious scripts to automatically download configuration files in known locations to...
Cross-Site Scripting (XSS)
verbb/formie is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper output escaping when previewing imported form data, which allows an attacker to inject malicious scripts via tampered field labels or handles in the JSON export...
PT-2025-17081 · Unknown · Firedrum Email Marketing
Name of the Vulnerable Software and Affected Versions: FireDrum Email Marketing versions 1.64 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers ...
SoftCOM iKSORIS Cross-Site Scripting Vulnerability
SoftCOM iKSORIS is an application from SoftCOM, Inc. A cross-site scripting vulnerability exists in SoftCOM iKSORIS versions prior to 79.0 that stems from a stored cross-site scripting attack that could lead to malicious script execution...
PT-2025-16227 · Softcom · Softcom Iksoris Internet Starter
Name of the Vulnerable Software and Affected Versions: SoftCOM iKSORIS Internet Starter versions prior to 79.0 Description: The issue is related to Stored XSS Cross-site Scripting attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script...
PT-2025-16076 · Woocommerce · Aba Payway Payment Gateway For Woocommerce
Name of the Vulnerable Software and Affected Versions: ABA PayWay Payment Gateway for WooCommerce versions prior to 2.1.3 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting XSS. This enables an attacker...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through the fallback error renderer. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the input that is reflected in error messages. Note: This is only exploitable ...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the Wikimedia USA Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from allowing malicious scripts to...
CVE-2025-27205
Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when...
CVE-2025-27205
Adobe Experience Manager Screens FP11.3 and earlier are affected by a stored XSS (CWE-79) in vulnerable form fields. Exploitation requires a user to click a malicious link; impact is execution of JavaScript in the victim’s browser. Remediation per APSB25-32 is a security update from Adobe (update...
CVE-2025-27205 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when...
Cross-Site Scripting (XSS)
gifplayer is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization or output escaping. Specifically, the application fails to properly handle or sanitize user-supplied input before including it in the webpage, which allows attackers to inject and...
PT-2025-15621 · Adobe · Experience Manager Screens
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager Screens versions FP11.3 and earlier Description: The issue is a stored Cross-Site Scripting XSS vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form field...
Yelp -- arbitrary file read
[email protected] reports: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...
Cross-site Scripting (XSS)
Overview drupal/core is an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via a Link field. An attacker with edit access via core web services, or a contrib or custom module...