6723 matches found

Tenable Nessus
added 2025/02/03 12:0 a.m. · 16 views

RHEL 9 : tuned (RHSA-2025:0879)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:0879 advisory. The tuned packages provide a service that tunes system settings according to a selected profile. Security Fixes: tuned: improper sanitizatio...

CVSS 7.8 · AI score 6.9 · EPSS 0.00298
Exploits 0 · References 4

Veracode
added 2025/01/29 5:11 a.m. · 10 views

Cross-site Scripting (XSS)

pscontactinfo is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of formatted addresses, which allows stored script execution when combined with third-party modules...

CVSS 6.2 · AI score 6.2 · EPSS 0.00396
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2025/01/29 1:53 a.m. · 9 views

CVE-2025-23362

The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser. Versions 2.3.2 and 2.4.0 were reported as...

CVSS 6.1 · EPSS 0.00333
Exploits 0 · References 3

NVD
added 2025/01/28 5:15 a.m. · 11 views

CVE-2025-24810

Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen...

CVSS 4.8 · EPSS 0.00251
Exploits 0 · References 2

CNNVD
added 2025/01/28 12:0 a.m. · 5 views

Hewlett Packard Enterprise Aruba Networking Fabric Composer Security Vulnerability

Hewlett Packard Enterprise Aruba Networking Fabric Composer (HPE Aruba Networking Fabric Composer) is an intelligent, API-driven, software-defined orchestration solution from Hewlett Packard Enterprise. A security vulnerability exists in Hewlett Packard Enterprise Aruba Networking Fabric Composer. ...

CVSS 5.5 · AI score 6.9 · EPSS 0.00248
Exploits 0 · References 1

OSV
added 2025/01/27 6:32 p.m. · 2 views

GHSA-X2J8-VJG7-386R Dolibarr Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

CVSS 5.4 · AI score 8 · EPSS 0.0053
Exploits 1 · References 7

NVD
added 2025/01/27 5:15 p.m. · 11 views

CVE-2024-55228

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

CVSS 9 · EPSS 0.0053
Exploits 1 · References 5

OSV
added 2025/01/27 5:15 p.m. · 3 views

CVE-2024-55228

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

CVSS 9 · AI score 5.7
Exploits 0 · References 5

Vulnrichment
added 2025/01/27 12:0 a.m. · 3 views

CVE-2024-55228

A cross-site scripting (XSS) vulnerability in the Product module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

AI score 5.2 · EPSS 0.0053
Exploits 1 · References 5

CNNVD
added 2025/01/27 12:0 a.m. · 3 views

Exif Viewer Cross-Site Scripting Vulnerability

Exif Viewer is an Exif viewer from Exif Viewer Inc. to quickly access the Exif data of any image/photo seen in Google Chrome. A cross-site scripting vulnerability exists in Exif Viewer versions 2.3.2 and 2.4.0, which stems from improper handling of EXIF metadata and could lead to the execution of...

CVSS 6.1 · AI score 5.9 · EPSS 0.00333
Exploits 0 · References 4

Vulnrichment
added 2025/01/27 12:0 a.m. · 3 views

CVE-2024-55227

A cross-site scripting (XSS) vulnerability in the Events/Agenda module of Dolibarr v21.0.0-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter...

AI score 8 · EPSS 0.00561
Exploits 1 · References 5

Tenable Nessus
added 2025/01/24 12:0 a.m. · 10 views

CBL Mariner 2.0 Security Update: redis / valkey (CVE-2024-46981)

The version of redis / valkey installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46981 advisory. - Redis is an open source, in-memory database that persists on disk. An authenticated user may use a...

CVSS 9.8 · AI score 7.3 · EPSS 0.07802
Exploits 2 · References 2

CNVD
added 2025/01/23 12:0 a.m. · 8 views

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2025-02530)

IBM Sterling B2B Integrator is a suite of software from International Business Machines (IBM) that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. IBM Sterling B2B Integrator suffe...

CVSS 5.5 · AI score 6.3 · EPSS 0.00213
Exploits 0 · References 1

Vulnrichment
added 2025/01/22 12:0 a.m. · 5 views

CVE-2024-55488

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

AI score 6.1 · EPSS 0.00309
Exploits 1 · References 2

CVE
added 2025/01/22 12:0 a.m. · 60 views

CVE-2024-55488

CVE-2024-55488 affects Umbraco CMS v14.3.1 via a stored XSS in the Rich Text/Document context. The root cause cited is the absence of HTML sanitization at the product level, with the vendor disputing exploitation only via authenticated, whitelisted users. Impact per sources is the ability to exec...

CVSS 6.5 · AI score 6.1 · EPSS 0.00309
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2025/01/22 12:0 a.m. · 4 views

Umbraco CMS Security Vulnerability

Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS version v14.3.1 that stems from vulnerability to a stored cross-site scripting attack that allows an attacker to execute arbitrary web script or HTML via a crafted payload...

CVSS 6.5 · AI score 5.6 · EPSS 0.00309
Exploits 1 · References 4

Cvelist
added 2025/01/22 12:0 a.m. · 12 views

CVE-2024-55488

A stored cross-site scripting (XSS) vulnerability in Umbraco CMS v14.3.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. NOTE: This has been disputed by the vendor since this potential attack is only possible via authenticated users who have been manually allowed...

EPSS 0.00309
Exploits 1 · References 2

Positive Technologies
added 2025/01/21 12:0 a.m. · 6 views

PT-2025-4838 · Ambari · Ambari

Name of the Vulnerable Software and Affected Versions: Ambari (affected versions not specified). Description: A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when...

CVSS 8.8 · AI score 8.2 · EPSS 0.01236
Exploits 0 · References 9

Tenable Nessus
added 2025/01/21 12:0 a.m. · 44 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2025-1122)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of...

CVSS 9.8 · AI score 8.2 · EPSS 0.99957
Exploits 4 · References 6

NVD
added 2025/01/17 9:15 p.m. · 8 views

CVE-2025-23039

Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to...

CVSS 5.2 · EPSS 0.00235
Exploits 0 · References 1