CVE-2025-60796

CVE-2025-60796 affects phpPgAdmin 7.13.0 and earlier, with multiple reflected XSS vulnerabilities across components (e.g., sequences.php, indexes.php, admin.php, and other files). User input from $_REQUEST is echoed into HTML without proper encoding or sanitization, enabling attackers to execute ...

PT-2025-47581

phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting XSS vulnerabilities across various components. User-supplied input from $ REQUEST parameters is reflected in HTML output without proper encoding or sanitization in multiple locations including sequences.php, indexes.php,...

GHSA-J8CQ-7F6P-256X LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

Summary A Reflected Cross-Site Scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...

Telerik UI for ASP.NET AJAX Unsafe Reflection

According to its self-reported version number, the version of Telerik UI for ASP.NET AJAX is affected by an unsafe reflection vulnerability resulting in denial of service and advanced attacks scenarios. Note that the scanner has not tested for these issues but has instead relied only on the...

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

CVE-2025-64711 PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on...

EUVD-2025-131917

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

CVE-2025-63419

Cross Site Scripting XSS vulnerability in CrushFTP 11.3.648. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection...

CVE-2025-63690

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

EUVD-2025-38290

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

CVE-2025-63690

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

CVE-2025-63690

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

CVE-2025-63690

The vulnerability CVE-2025-63690 affects pig-mesh Pig versions 3.8.2 and earlier, in the Quartz management function under the system management module. The issue stems from allowing reflection to instantiate any Java class with a parameterless constructor and invoke methods with String parameters...

pig 安全漏洞

pig is a privilege management system for pig-mesh open source. A security vulnerability exists in pig 3.8.2 and earlier versions, which originates in the Quartz management feature that can execute arbitrary Java classes via reflection, potentially leading to remote code execution...

CVE-2025-63690

In pig-mesh Pig versions 3.8.2 and below, when setting up scheduled tasks in the Quartz management function under the system management module, it is possible to execute any Java class with a parameterless constructor and its methods with parameter type String through reflection. At this time, th...

PT-2025-45450

Name of the Vulnerable Software and Affected Versions pig-mesh versions 3.8.2 and below Description The software contains a flaw that allows for remote code execution. Specifically, when configuring scheduled tasks within the Quartz management function, located in the system management module, it...

EUVD-2025-38066

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...

CVE-2025-63589

CMSimple_XH 1.8 is affected by a reflected XSS in the index.php router: attacker-controlled path segments are not sanitized/encoded before being inserted into generated HTML (navigation links, breadcrumbs, search form action, footer links), allowing arbitrary JavaScript in victims’ browsers via a...

CVE-2025-63589

A reflected XSS vulnerability exists in CMSimpleXH 1.8's index.php router when attacker-controlled path segments are not sanitized or encoded before being inserted into the generated HTML navigation links, breadcrumbs, search form action, footer links. An attacker-controlled string placed in the...