CVE-2025-51859

Stored Cross-Site Scripting XSS vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model LLM to embed malicious script payloads...

WordPress plugin WP-Members Membership Plugin 跨站脚本漏洞

WordPress WP-Members Membership plugin is a free membership plugin for WordPress, which is mainly used to restrict access to website content and support user login, registration and personalized user profile management. WordPress WP-Members Membership plugin suffers from a cross-site scripting...

PT-2025-30412

Name of the Vulnerable Software and Affected Versions: ETQ Reliance CG legacy platform affected versions not specified Description: A reflected cross-site scripting XSS issue exists within the SQLConverterServlet component. This requires user interaction, such as clicking a crafted link, and may...

ETQ Reliance CG 安全漏洞

ETQ Reliance CG is a quality management system from ETQ Corporation. A security vulnerability exists in ETQ Reliance CG that stems from the SQLConverterServlet component being susceptible to a reflective cross-site scripting attack, which could lead to the execution of unauthorized scripts in the...

CVE-2025-51859

Stored Cross-Site Scripting XSS vulnerability in Chaindesk thru 2025-05-26 in its agent chat component. An attacker can achieve arbitrary client-side script execution by crafting an AI agent whose system prompt instructs the underlying Large Language Model LLM to embed malicious script payloads...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51403

A stored cross-site scripting XSS vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Alias Nick parameter...

CVE-2025-51400

A stored cross-site scripting XSS vulnerability in the Personal Canned Messages of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

gitk: git script execution flaw

There's a vulnerability in gitk where an user can be tricked to run malicious scripts supplied by the attacker when running gitk filename command. When successfully exploited this vulnerability may result in arbitrary code execution...

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting XSS vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input within HTML attributes, allowing an attacker to inject script code that may execute in a user's...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-16387)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVE-2025-51396

A stored cross-site scripting XSS vulnerability in Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Telegram Bot Username parameter...

CVE-2025-51397

A stored cross-site scripting XSS vulnerability in the Facebook Chat module of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Surname parameter under the Recipient' Lists...

CVE-2025-51401

CVE-2025-51401 is a stored XSS in the Live Helper Chat chat transfer function, triggered by crafting the operator name parameter. Affected version: Live Helper Chat v4.60 (and related references indicate ≤4.61 in some advisories). The underlying issue is unsanitized input stored and later rendere...

CVE-2025-51403

Vulnerability : CVE-2025-51403 affects Live Helper Chat (v4.60/v4.61 era) in the department assignment editing module. The issue is a stored XSS via the Alias Nick field, caused by insufficient validation/escaping of user input. Impact : stored XSS could allow a logged-in user with low privileges...

CVE-2025-51398

A stored cross-site scripting XSS vulnerability in the Facebook registration page of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...