CVE-2025-5770

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

PT-2025-45503

Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /search results API endpoint through the q parameter. An attacker could potentially inject malicious scripts into the w...

PT-2025-45497

Name of the Vulnerable Software and Affected Versions Sourcecodester Medicine Reminder App version 1.0 Description The application is susceptible to Cross-Site Scripting XSS. An attacker can inject potentially malicious HTML/JavaScript code into the "Medicine Name" and "Notes Optional" fields whe...

CVE-2025-10853

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

CVE-2025-10853

Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...

EUVD-2025-37927

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

CVE-2025-5770 Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

EUVD-2025-37921

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

PT-2025-45157

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...

PT-2025-44774

Name of the Vulnerable Software and Affected Versions Water Management System version 1.0 Description Water Management System version 1.0 is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /add customer.php endpoint. The vulnerability allows attackers to inject...

PT-2025-44632

Name of the Vulnerable Software and Affected Versions BEO GmbH BEO Atlas Einfuhr Ausfuhr version 3.0 Description A reflected cross-site scripting XSS issue exists in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0. This allows attackers to execute arbitrary code within a user’s browser. Exploitation occur...

CVE-2018-25122

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

CVE-2018-25122

Nagios XI

Cross-site Scripting

com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding due to the Account "Name" text field. This allows an attacker can inject a crafted payload into that field which is stored and later rendered...

PT-2025-43999

Name of the Vulnerable Software and Affected Versions Rubikon Banking Solution version 4.0.3 Description A reflected cross-site scripting issue exists in the "Search For Customers Information" endpoints of Rubikon Banking Solution. This allows for the injection of malicious scripts through...

Revive Adserver: Improper sanitisation of input in the settings could cause DoS

A vulnerability was found in the settings functionality of the application where attacker-controlled values in the emailfromName and emailfromCompany fields were persisted and later rendered to pages without proper output encoding. This could have led to the execution of arbitrary JavaScript in t...

CVE-2025-60280

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...

EUVD-2025-35187

Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...