3249 matches found
CVE-2025-55029 Malicious scripts could spam popups for denial of service attacks
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142...
CVE-2025-55029
CVE-2025-55029 affects Mozilla Firefox for iOS prior to version 142. The issue allows malicious scripts to bypass the popup blocker and spam new tabs, potentially leading to a denial-of-service condition. Root cause is exploitation of popup-blocking bypass in Firefox for iOS; median impact is ava...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details: Cross-sit...
CVE-2025-55006 Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature
Frappe Learning is a learning system that helps users structure their content. In versions 2.33.0 and below, the image upload functionality did not adequately sanitize uploaded SVG files. This allowed users to upload SVG files containing embedded JavaScript or other potentially malicious content...
CVE-2025-32430 XWiki Platform contains Reflected XSS vulnerability in two templates
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, two templates contain reflected XSS vulnerabilities, allowing an attacker to execute...
CVE-2025-46958
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46958 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
PT-2025-31978 · WordPress · Asset-Manager
Name of the Vulnerable Software and Affected Versions: Asset-Manager for WordPress versions 2.0 and earlier. Description: The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint does not properly validate...
Cross-site Scripting (XSS)
Mezzanine CMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused by improper input sanitization: user-supplied input in the /blog/blogpost/add component is not filtered, allowing injection of malicious scripts into blog posts...
CVE-2025-47001
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
Cross-site Scripting (XSS)
github.com/goharbor/harbor is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsanitized content in the markdown field on the info tab page, which allows injection of malicious scripts...
CVE-2025-47001
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47001
Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored XSS vulnerability in vulnerable form fields. The root cause is inadequate input filtering/escaping, allowing an attacker with low privileges, with user interaction required, to inject malicious JavaScript that executes...
CVE-2025-47001 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
WordPress Taeggie Feed Cross-Site Scripting Vulnerability
WordPress Taeggie Feed is a plugin on WordPress that is mainly used to integrate social media content into a website, supporting dynamic syndication on platforms like Facebook, Instagram, Twitter and LinkedIn. WordPress Taeggie Feed suffers from a cross-site scripting vulnerability that originate...
PT-2025-31137 · Unknown · Commentbox
Name of the Vulnerable Software and Affected Versions: CommentBox versions 1.0.0 through 1.1.0. Description: A stored cross-site scripting (XSS) issue exists in the CommentBox component. This allows for the injection of malicious scripts into the application through the component. Recommendations:...
CVE-2025-47061
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46993
Summary of CVE-2025-46993 (Adobe Experience Manager): AEM versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that can be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may execute in ...
CVE-2025-46993 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47061
Adobe Experience Manager (AEM) versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, with malicious JavaScript potentially executed in the victim’s browser wh...