CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

XWiki Platform 安全漏洞

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions prior to 15.10.8 and prior to 16.2.0, which stems from an incomplete permissions analysis that could lead to malicious script...

WordPress plugin Able Player cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Able Playe...

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

Medium: libreoffice

Issue Overview: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that support...

IBM Operational Decision Manager 跨站脚本漏洞

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

Amazon Linux 2 : libreoffice (ALASLIBREOFFICE-2025-007)

The version of libreoffice installed on the remote host is prior to 5.3.6.1-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2LIBREOFFICE-2025-007 advisory. Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The Documen...

CVE-2024-52887

Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list...

CVE-2024-52888

For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties...

CVE-2024-52887

CVE-2024-52887 affects Check Point Mobile Access (R82 and prior). An authenticated end-user can set a specially crafted SNX bookmark that causes their browser to execute a script when accessing the bookmark list (stored/self-XSS in the ‘favorites’ dialog). Exact impact details are not quantified ...

Check Point Mobile Access 安全漏洞

Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which stems from the...

PT-2025-17987 · Check Point · Check Point Mobile Access

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An authenticated end-user can set a specially crafted SNX bookmark, which can cause their browser to run a script when accessing their own bookmark list. Recommendations: At the moment, ther...

PT-2025-17988 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts affected versions not specified Description: The issue allows an authenticated end-user to potentially run a script while the portal attempts to display a directory or some file's properties. Recommendations: At the moment, ther...

Check Point Mobile Access 安全漏洞

Check Point Mobile Access is a secure and easy solution from Check Point Israel. It is used for smartphones, tablets or PCs to securely connect to corporate applications over the Internet. A security vulnerability exists in Check Point Mobile Access R82 and prior versions, which originates from a...

CVE-2024-41446

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function...

IBM Maximo Asset Management 跨站脚本漏洞

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from International Business Machines IBM. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for...

CVE-2024-53568

A stored cross-site scripting XSS vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...

CVE-2023-44753

A stored cross-site scripting XSS vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page...

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVE-2024-53568

A stored cross-site scripting XSS vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...