3249 matches found

CNNVD
added 2025/02/24 12:0 a.m. | 5 views

Moodle Security Vulnerability

Moodle is an open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle. The vulnerability stems from insufficient cleanup and leads to a cross-site scripting...

CVSS 8.3 | AI score 6.3 | EPSS 0.00333
Exploits 0 | References 3

OSV
added 2025/02/21 10:48 p.m. | 4 views

GHSA-V4Q9-437P-MHPG Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)

Summary: A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not...

CVSS 7.4 | AI score 6.2
Exploits 0 | References 2

Github Security Blog
added 2025/02/21 10:48 p.m. | 15 views

Leantime allows Cross Site Scripting (XSS) and SQL Injection (SQLi)

Summary: A cross-site scripting (XSS) vulnerability has been identified in Leantime. The vulnerability allows an attacker to inject malicious scripts into certain fields, potentially leading to the execution of arbitrary code or unauthorized access to user-sensitive information. The code does not...

AI score 6.2
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2025/02/21 12:0 a.m. | 7 views

D-Link DIR-816 Code Injection Vulnerability

The D-Link DIR-816 is a wireless router from China's AUO D-Link. A code injection vulnerability exists in the D-Link DIR-816 version 1.01TO, which stems from the fact that incorrect operation of the parameter SSID can lead to cross-site scripting attacks. The vulnerability can be exploited by an...

CVSS 5.4 | AI score 6.6 | EPSS 0.06907
Exploits 0 | References 1

CVE
added 2025/02/20 12:0 a.m. | 56 views

CVE-2024-54958

Nagios XI 2024R1.2.2 is susceptible to a stored Cross-Site Scripting (XSS) vulnerability in the Tools page. The flaw allows an attacker to inject malicious scripts into the Tools interface, which are then stored and executed in the context of other users who access the page. No explicit exploit d...

CVSS 6.1 | AI score 5.2 | EPSS 0.00965
Exploits 0 | References 1 | Affected Software 1

NVD
added 2025/02/19 6:15 p.m. | 8 views

CVE-2024-53974

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | EPSS 0.00245
Exploits 0 | References 1

CVE
added 2025/02/19 5:31 p.m. | 45 views

CVE-2024-53974

CVE-2024-53974 affects Adobe Experience Manager (AEM) 6.5.21 and earlier, with a stored XSS vulnerability in vulnerable form fields that could be exploited by a low-privileged attacker (requires user interaction) to inject malicious scripts executed in a victim’s browser. Connected sources confir...

CVSS 5.4 | AI score 5 | EPSS 0.00245
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2025/02/19 5:31 p.m. | 10 views

CVE-2024-53974 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | EPSS 0.00245
Exploits 0 | References 1

NVD
added 2025/02/18 5:15 a.m. | 20 views

CVE-2024-13522

The magayo Lottery Results plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.12. This is due to missing or incorrect nonce validation on the 'magayo-lottery-results' page. This makes it possible for unauthenticated attackers to update...

CVSS 6.1 | EPSS 0.00158
Exploits 0 | References 2

Veracode
added 2025/02/17 5:7 a.m. | 9 views

Cross-Site Scripting (XSS)

org.apache.atlas, apache-atlas is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization, allowing an authenticated user to inject malicious scripts...

CVSS 7.1 | AI score 6 | EPSS 0.00529
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2025/02/17 4:22 a.m. | 22 views

CVE-2025-0924 WP Activity Log <= 5.2.2 - Unauthenticated Stored Cross-Site Scripting

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 7.2 | EPSS 0.01269
Exploits 0 | References 5

CNVD
added 2025/02/17 12:0 a.m. | 11 views

Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-05695)

Adobe Commerce is a digital commerce solution for merchants and brands from Adobe, a company based in the United States of America. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...

CVSS 8.7 | AI score 6.2 | EPSS 0.00656
Exploits 0 | References 1

RedhatCVE
added 2025/02/13 8:49 p.m. | 6 views

CVE-2025-24428

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 5.4 | AI score 5.3 | EPSS 0.0038
Exploits 0 | References 3

RedhatCVE
added 2025/02/13 7:8 p.m. | 6 views

CVE-2025-24415

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656
Exploits 0 | References 3

RedhatCVE
added 2025/02/13 7:8 p.m. | 6 views

CVE-2025-24438

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 7.5 | EPSS 0.00736
Exploits 0 | References 3

RedhatCVE
added 2025/02/13 7:7 p.m. | 5 views

CVE-2025-24416

Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 7.5 | EPSS 0.00656
Exploits 0 | References 3

Veracode
added 2025/02/12 6:57 a.m. | 7 views

Cross-Site Scripting (XSS)

redaxo/source is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the "Article Name" argument in the Structure Management Page, allowing remote attackers to inject malicious scripts...

CVSS 5.4 | AI score 6.3 | EPSS 0.00372
Exploits 1 | References 5 | Affected Software 1

Github Security Blog
added 2025/02/11 6:31 p.m. | 8 views

Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 5.2 | EPSS 0.00736
Exploits 0 | References 3 | Affected Software 2

OSV
added 2025/02/11 6:31 p.m. | 7 views

GHSA-MM87-RRQX-94CR Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 5.4 | AI score 5.2 | EPSS 0.0038
Exploits 0 | References 3

OSV
added 2025/02/11 6:31 p.m. | 4 views

GHSA-8884-7RM9-MRX4 Magento stored Cross-Site Scripting (XSS) vulnerability

Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed...

CVSS 8.7 | AI score 7.3 | EPSS 0.00736
Exploits 0 | References 3