CVE-2025-53932 WeGIA vulnerable to Reflected Cross-Site Scripting via endpoint 'cadastro_adotante.php' parameter 'cpf'

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the cadastroadotante.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...

CVE-2025-53931 WeGIA vulnerable to Stored Cross-Site Scripting via endpoint `adicionar_raca.php` parameter `raca`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionarraca.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...

WordPress plugin JetSearch 跨站脚本漏洞

WordPress JetSearch is an AJAX-based search plugin for WordPress , designed for Elementor editor , providing a fast , flexible and beautiful search experience . WordPress JetSearch suffers from a cross-site scripting vulnerability that stems from improper input neutralization, which can be...

CVE-2025-7380 A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM

A stored Cross-Site Scripting XSS vulnerability exists in the Access Control of ADM, the issue allows an attacker to inject malicious scripts into the folder name field while creating a new shared folder. These scripts are not properly sanitized and will be executed when the folder name is...

CVE-2025-49547

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

CVE-2025-49534

Adobe Experience Manager versions 11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse...

CVE-2025-49540

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

WordPress Neom Blog Cross-Site Scripting Vulnerability

WordPress Neom Blog is a theme Theme for the WordPress platform, which is mainly used to create responsive websites, supporting the rapid construction of blogs, news, magazines, official corporate websites and other types of websites through a visual interface. WordPress Neom Blog suffers from a...

CVE-2025-53377

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the cadastrodependentepessoanova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the idfuncionario parameter. This...

CVE-2025-53525

WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the profilefamiliar.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the iddependente parameter. This vulnerability is...

CVE-2025-49547

Adobe Experience Manager (AEM) versions 11.4 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, potentially causing JavaScript to execute in a victim’s browser when visiting the page co...

CVE-2025-49547 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-49547 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-49534 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions FP11.4 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-49541

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2025-49541 ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2025-49543

CVE-2025-49543 affects Adobe ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier with a stored Cross-Site Scripting (XSS) vulnerability. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields; malicious JavaScript can execute in a victim’s browser...

CVE-2025-49543 ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...

CVE-2025-49540

CVE-2025-49540 describes a stored Cross-Site Scripting (XSS) vulnerability in Adobe ColdFusion affecting versions 2025.2, 2023.14, 2021.20 and earlier. The issue allows a high-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript executed in a vict...

CVE-2025-49540 ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79)

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...