CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability

A vulnerability in the Virtual Keyboard Video Monitor vKVM connection handling of Cisco Integrated Management Controller IMC could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is...

PT-2025-34880 · Gitblit · Gitblit

Name of the Vulnerable Software and Affected Versions: Gitblit version 1.7.1 Description: Gitblit version 1.7.1 contains a reflected cross-site scripting XSS flaw due to insufficient input sanitization of filename elements when handling repository path names. An attacker can inject a crafted path...

Linux Distros Unpatched Vulnerability : CVE-2020-4046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in...

PT-2025-34730 · Unknown · 1000Projects Online Project Report Submission/Evaluation System

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A security issue exists in 1000projects Online Project Report Submission and Evaluation System 1.0. The vulnerability is related to a cross-site...

CVE-2025-55620

A cross-site scripting XSS vulnerability in the valuateJavascript function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the user creation process via the /admin/settings/users/create endpoint, where file uploads are insufficiently sanitized due to improper MIME type validation. An attacker can execute arbitrary JavaScript in t...

Group Office 跨站脚本漏洞

Group Office is a modular office suite from the Dutch company Group Office. A cross-site scripting vulnerability exists in Group Office versions prior to 6.8.119 and prior to 25.0.20, which stems from a cross-site scripting attack that could lead to the execution of arbitrary script...

JVN#72111431: Multiple vulnerabilities in Group-Office

Group-Office provided by Intermesh BV contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 4.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2025-53504 Path traversal CWE-22...

Linux Distros Unpatched Vulnerability : CVE-2018-6110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML...

CVE-2025-55522

Akaunting 3.1.18 contains a Cross-site Scripting (XSS) vulnerability in the /common/reports component. The flaw allows an attacker to inject arbitrary web scripts or HTML via the name parameter, leading to potential user–level impact consistent with XSS. Root cause is improper handling/encoding o...

WordPress BaiduXZH Submit plugin cross-site scripting vulnerability

WordPress BaiduXZH Submit plugin is a third-party WordPress plugin, mainly used for automatic submission of website content to Baidu Bear Paw, to achieve rapid inclusion within 24 hours, and support for original protection features. WordPress BaiduXZH Submit plugin has a cross-site scripting...

Cross-site Scripting (XSS)

microweber/microweber is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the id parameter in the liveedit.modulesettings API endpoint allowing arbitrary JavaScript execution...

CVE-2025-51488

MoonShine, a Laravel-based admin panel, is affected by CVE-2025-51488 due to a Stored XSS in the Create Admin flow. The vulnerability arises from improper sanitization of the Name parameter when creating a new Admin, allowing an attacker to store and execute arbitrary JavaScript in victims’ brows...

Linux Distros Unpatched Vulnerability : CVE-2024-52336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A script injection vulnerability was identified in the Tuned package. The instancecreate D-Bus function can be called by locally logged-in users without...

Linux Distros Unpatched Vulnerability : CVE-2025-3155

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to...

CVE-2025-8143 Soledad <= 8.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'pcsml_smartlists_h'

The Soledad theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pcsmlsmartlistsh’ parameter in all versions up to, and including, 8.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

PT-2025-33538 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.7 Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the additional parameter due to insufficient input sanitization and output...

WordPress Mosaic Generator plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Mosaic Generator plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-suppli...

CVE-2025-40769

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...

CVE-2025-42975

SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...