6724 matches found

NVD
added 2025/05/13 1:15 a.m. · 13 views

CVE-2025-30009

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and...

6.1 CVSS · 0.00255 EPSS
Exploits: 0 · References: 2

CVE
added 2025/05/13 12:12 a.m. · 41 views

CVE-2025-30009

CVE-2025-30009 affects the SAP Supplier Relationship Management (SRM) Live Auction Cockpit. The issue stems from a deprecated Java applet in affected SRM packages, allowing an unauthenticated attacker to execute malicious script in the victim’s browser. Reported impact is limited to the victim’s ...

6.1 CVSS · 6.4 AI score · 0.00255 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2025/05/13 12:0 a.m. · 2 views

SAP Supplier Relationship Management Cross-Site Scripting Vulnerability

SAP Supplier Relationship Management Master Data Management Catalog is a system for managing supplier relationships that provides master data management functionality. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management Master Data Management Catalog that allows an...

6.1 CVSS · 6 AI score · 0.00263 EPSS
Exploits: 0 · References: 2

NVD
added 2025/05/12 5:15 p.m. · 13 views

CVE-2025-46749

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

4.3 CVSS · 0.00219 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/05/12 4:12 p.m. · 20 views

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

4.3 CVSS · 0.00219 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/12 4:12 p.m. · 6 views

CVE-2025-46749 Improper Neutralization of Input

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...

4.3 CVSS · 6.5 AI score · 0.00219 EPSS
Exploits: 0 · References: 1

Snyk
added 2025/05/08 2:48 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting malicious content...

6.1 CVSS · 5.3 AI score · 0.00602 EPSS
Exploits: 0 · References: 2

OSV
added 2025/05/07 7:11 p.m. · 3 views

RLSA-2024:4242 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.3 CVSS · 7 AI score · 0.01008 EPSS
Exploits: 0 · References: 2

Rockylinux
added 2025/05/07 7:11 p.m. · 13 views

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. LibreOffice is an open source, community-developed office productivity...

7.8 CVSS · 6.7 AI score · 0.00291 EPSS
Exploits: 0

OSV
added 2025/05/07 7:11 p.m. · 3 views

RLSA-2025:2868 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

7.6 CVSS · 7.2 AI score · 0.00291 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/07 12:24 a.m. · 22 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.4 CVSS · 5.6 AI score · 0.00261 EPSS
Exploits: 1 · References: 1

CNVD
added 2025/05/07 12:0 a.m. · 3 views

TOTOLINK N150RT IP Port Filtering Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics (TOTOLINK). The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the IP Port Filtering component, whi...

4.8 CVSS · 6.5 AI score · 0.03306 EPSS
Exploits: 1 · References: 1

CNVD
added 2025/05/07 12:0 a.m. · 10 views

IBM Operational Decision Manager Cross-Site Scripting Vulnerability

IBM Operational Decision Manager is a decision management solution from International Business Machines (IBM) used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

6.1 CVSS · 6.2 AI score · 0.00212 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/05/06 12:0 a.m. · 2 views

Wiesemann & Theis Web-IO Cross-Site Scripting Vulnerability

Wiesemann & Theis Web-IO is a Wiesemann & Theis component for small to medium-sized remote IO and monitoring applications over TCP/IP Ethernet. A cross-site scripting vulnerability exists in Wiesemann & Theis Web-IO that originates from a configuration web page where multiple fields can be inject...

5.4 CVSS · 6.2 AI score · 0.00232 EPSS
Exploits: 0 · References: 2

NVD
added 2025/05/05 6:15 p.m. · 8 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.4 CVSS · 0.00261 EPSS
Exploits: 1 · References: 3

Vulnrichment
added 2025/05/05 12:0 a.m. · 5 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

5.3 AI score · 0.00261 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2025/05/05 12:0 a.m. · 5 views

PT-2025-19751 · Dbsyncer · Dbsyncer

Name of the Vulnerable Software and Affected Versions: DBSyncer version 2.0.6. Description: A stored cross-site scripting (XSS) issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations: For...

5.4 CVSS · 5.3 AI score · 0.00261 EPSS
Exploits: 1 · References: 8

CVE
added 2025/05/05 12:0 a.m. · 60 views

CVE-2025-45236

Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...

5.4 CVSS · 5.5 AI score · 0.00261 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2025/05/05 12:0 a.m. · 8 views

CVE-2025-45236

A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

0.00261 EPSS
Exploits: 1 · References: 3

OSV
added 2025/05/02 12:59 p.m. · 7 views

CLSA-2025-1746190792 libreoffice: Fix of 2 CVEs

CVE-2022-38745: avoid unnecessary empty -Djava.class.path= - CVE-2024-3044: add notify for script execution...

7.8 CVSS · 5.9 AI score · 0.01008 EPSS
Exploits: 0 · References: 1