3249 matches found
CVE-2025-42962
CVE-2025-42962 affects SAP Business Warehouse (Business Explorer Web). An attacker can craft a malicious link; when an authenticated user opens it, a script executes in the victim’s browser, impacting confidentiality and integrity. Availability is not affected. The issue is tied to cross-site scr...
PT-2025-28748 · Adobe · ColdFusion
Name of the Vulnerable Software and Affected Versions: ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier. Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to inject malicious scripts into vulnerable form fields...
CVE-2025-53599
Whale browser for iOS before 3.9.1.4206 allows an attacker to execute malicious scripts in the browser via a crafted javascript scheme...
WordPress plugin Neom Blog cross-site scripting vulnerability
WordPress Neom Blog is a theme for the WordPress platform, which is mainly used to create responsive websites, supporting the rapid construction of blogs, news, magazines, official corporate websites and other types of websites through a visual interface. WordPress Neom Blog suffers from a...
Naver Whale browser for iOS security vulnerability
Naver Whale browser for iOS is a browser from the South Korean company Naver. A security vulnerability exists in Naver Whale browser for iOS prior to version 3.9.1.4206, which originates from a specially crafted JavaScript scheme that could lead to the execution of malicious scripts...
PT-2025-27226 · Re.Place · Re.Place
Name of the Vulnerable Software and Affected Versions: re.place versions 0.2.1 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application, potential...
PT-2025-27194 · WordPress · Wp Visual Sitemap
Name of the Vulnerable Software and Affected Versions: WP Visual Sitemap versions 1.0.2 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject...
PT-2025-27217 · Unknown · Raise The Money
Name of the Vulnerable Software and Affected Versions: Raise The Money versions n/a through 5.2. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting'. Specifically, it is a DOM-Based XSS vulnerability, which allows...
PT-2025-27201 · Unknown · Douglaskarr Podcast Feed Player Widget/Shortcode
Name of the Vulnerable Software and Affected Versions: douglaskarr Podcast Feed Player Widget and Shortcode versions 2.2.0 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This...
Cross-Site Scripting (XSS)
changedetectionio is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input sanitization of filter errors in website page change detection watches, which allows an attacker to inject and execute malicious scripts in the context of a victim's browser...
Cross-Site Scripting (XSS)
dnn.platform is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation and sanitization in the Activity Feed Attachments endpoint, allowing malicious scripts to be injected and rendered...
CVE-2025-49582
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...
CVE-2025-49582 XWiki's required right warnings for macros are incomplete
XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns about the execution of these macros since XWiki 15.9RC1. These required rights analyzers that trigger these warnings are...
XWiki Platform security vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 8.2, 7.4.5 through 17.1.0-rc-1, 16.10.4, and 16.4.7, which stems from a page that may gain scripting or programming privileges that...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14995)
Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...
CVE-2025-47074
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47047
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47012
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...