CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVE-2025-59415

CVE-2025-59415 affects Frappe Learning, versions 2.34.1 and earlier, where profile bio content wasn’t properly sanitized. This allows malicious SVGs to execute scripts in other users’ contexts, per multiple sources. The vulnerability arises from inadequate content sanitization in profile bios. Re...

CVE-2025-59415 Frappe Learning vulnerable to Malicious Content upload via Profile bio field

Frappe Learning is a learning system that helps users structure their content. In versions 2.34.1 and below, there is a security vulnerability in Frappe Learning where the system did not adequately sanitize the content uploaded in the profile bio. Malicious SVG files could be used to execute...

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

CVE-2025-10143

CVE-2025-10143 affects the WordPress plugin Catch Dark Mode. All versions up to and including 2.0 are vulnerable to Local File Inclusion via the catch_dark_mode shortcode, allowing authenticated users with Contributor-level access or higher to include and execute arbitrary PHP files on the server...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comliferayportalsearchwebportletSearchPortletuserId parameter. An attacker can execute arbitrary web scripts or inject malicious HTML by supplying crafted input. Details Cross-site scripting or XSS is a...

PT-2025-38279

Name of the Vulnerable Software and Affected Versions: Frappe Learning versions 2.34.1 and below Description: Frappe Learning does not adequately sanitize content uploaded in the profile bio. This allows for the execution of arbitrary scripts in the context of other users through malicious SVG...

Frappe Learning 跨站脚本漏洞

Frappe Learning is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning version 2.34.1 and prior versions, which stems from not adequately cleaning up uploaded content in personal profiles, and could lead to ...

CVE-2025-37129

A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is...

CVE-2025-37129 Authenticated Remote Code Execution allows Exploit in Scripts Feature

A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is...

CVE-2025-37129

CVE-2025-37129 describes a vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways . An authenticated attacker could exploit the built-in script execution capability to execute arbitrary commands on the underlying operating system if the feature is enabled ...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the formtodatabase exten. An attacker can execute arbitrary scripts in the context of the user's browser by injecting malicious input. Details Cross-site scripting or XSS is a code vulnerability that occurs...

Unmark Marks.php file cross-site scripting vulnerability

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...

PT-2025-38089

Name of the Vulnerable Software and Affected Versions: EdgeConnect SD-WAN affected versions not specified Description: A vulnerable feature in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities. Successful...

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

CVE-2025-9826

Stored cross-site scripting vulnerability in M-Files Hubshare before version 25.8 allows authenticated attackers to cause script execution for other users...

M-Files Hubshare 安全漏洞

M-Files Hubshare is a collaboration solution from M-Files, Inc. designed to seamlessly share files, documents, and collaborative content. A security vulnerability exists in M-Files Hubshare versions prior to 25.8, which stems from stored cross-site scripting and could lead to script execution by...

Unmark 代码注入漏洞

Unmark is an open source to-do list application for bookmarking. Unmark 1.9.3 and earlier versions have a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Title in the file /application/controllers/Marks.php,...