EUVD-2025-209974

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

CVE-2025-3633

CVE-2025-3633 affects IBM Cognos Analytics (versions 11.2.0, 11.2.4, 12.0, 12.1.0) and IBM Cognos Transformer (11.2.4, 12.0, 12.1.0). The vulnerability is a cross-site scripting (XSS) issue in the web UI that could allow a remote attacker to inject arbitrary JavaScript, potentially leading to dis...

CVE-2025-3633 IBM Cognos Analytics is affected by multiple security vulnerabilities

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting XSS. This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended...

svelte vulnerable to Cross-site Scripting

Summary An XSS vulnerability exists in Svelte 5.46.0-2 resulting from improper escaping of hydratable keys. If these keys incorporate untrusted user input, arbitrary JavaScript can be injected into server-rendered HTML. Details When using the hydratable function, the first argument is used as a k...

EUVD-2017-18355

Malware in sbrugna...

EUVD-2021-28579

Malicious code in bioql PyPI...

CVE-2025-4599

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-base...

CVE-2025-4599

The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.13 and 7.4 update 61 through update 92 was found to be vulnerable to postMessage-base...

CVE-2021-29387

Multiple stored cross-site scripting XSS vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters...

CVE-2005-4204

Cross-site scripting XSS vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS...

PT-2025-19795 · Unknown +1 · League/Commonmark +1

Name of the Vulnerable Software and Affected Versions: league/commonmark versions 1.5.0 through 2.6.x Description: A cross-site scripting XSS vulnerability in the Attributes extension of the league/commonmark library allows remote attackers to insert malicious JavaScript calls into HTML. The...

CVE-2025-3760

CVE-2025-3760 is a stored XSS vulnerability in Liferay Portal (radio button type custom fields) affecting Portal 7.2.0–7.4.3.129 and Liferay DXP 2024.Q1–Q4, 2023 Q3–Q4, and related GA/update branches. The underlying issue is injection of malicious JavaScript into a page by remote authenticated at...

CVE-2023-48042

Cross Site Scripting XSS in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code...

Tasmota 跨站脚本漏洞

Tasmota is a replacement firmware for the ESP8266 with easy configuration using the webUI, OTA updates, automation using timers or rules, scalability, and full local control over MQTT, HTTP, serial or KNX. A security vulnerability exists in Tasmota firmware version 6.5.0 that could allow a remote...

Ragic 跨站脚本漏洞

Ragic is a No Code enterprise e-enablement tool from China Immediate Technology Ragic. A cross-site scripting vulnerability exists in versions of Ragic prior to 2022/06/28, which stems from insufficient filtering of special characters on the report generation page and can be exploited by a remote...

欣学英资讯 webopac7 跨站脚本漏洞

XinXueYing Info Webopac7 is an online public access catalog of China XinXueYing Info. It is used for users to access library services over the Internet. A cross-site scripting vulnerability exists in XinXueYing Info webopac7, which originates from a book search field parameter that does not...

CVE-2021-41563

Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks...

Rocket.Chat 跨站脚本漏洞

Rocket.Chat is an open source team chat software. A cross-site scripting vulnerability exists in versions prior to Rocket.Chat 3.11, 3.10.5, 3.9.7, and 3.8.8 that allows remote attackers to inject arbitrary JavaScript into messages...

CVE-2021-29025

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/myimages.php URI...

CVE-2021-29032

A cross-site scripting XSS vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI...