CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary...

CVE-2025-32999

CVE-2025-32999 : The vulnerability affects a-blog cms prior to version 3.1.43 and prior to 3.0.47. It is a cross-site scripting issue in a specific field of the entry editing screen that requires contributor or higher privileges to exploit. If exploited, an arbitrary script may execute in the web...

CVE-2024-51106

A cross-site scripting XSS vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter...

CVE-2024-51106

CVE-2024-51106 → A cross-site scripting (XSS) vulnerability in PHPGURUKUL Medical Card Generation System v1.0, in the mcgs/admin/aboutus.php component, allows injecting a crafted payload via the pagetitle parameter. Affected: PHPGURUKUL Medical Card Generation System (PHP/MySQL, v1.0). Root cause...

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-40631

CVE-2025-40631 describes an HTTP Host header injection affecting IceWarp Mail Server, version 11.4.0. By modifying the Host header and delivering a payload, arbitrary JavaScript can be executed on the loaded page when a user interacts with a malicious link (redirect). The vulnerability is tied to...

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

CVE-2025-29690

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVE-2025-29691

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...

Alibaba Cloud Linux 3 : 0162: httpd:2.4 (ALINUX3-SA-2024:0162)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0162 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-38476: Vulnerability in core of Apache HTT...

CVE-2025-30315 Adobe Connect | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Connect versions 12.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing t...

git: The sideband payload is passed unfiltered to the terminal in git

A flaw was found in Git. When cloning, fetching, or pushing from a server, informational or error messages are transported from the remote Git process to the client via a sideband channel. These messages are prefixed with "remote:" and printed directly to the standard error output. Typically, thi...

CVE-2025-30009

he Live Auction Cockpit in SAP Supplier Relationship Management SRM uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and...

CVE-2025-30009

CVE-2025-30009 affects the SAP Supplier Relationship Management (SRM) Live Auction Cockpit. The issue stems from a deprecated Java applet in affected SRM packages, allowing an unauthenticated attacker to execute malicious script in the victim’s browser. Reported impact is limited to the victim’s ...

SAP Supplier Relationship Management 跨站脚本漏洞

SAP Supplier Relationship Management Master Data Management Catalog is a system for managing supplier relationships that provides master data management functionality. A cross-site scripting vulnerability exists in SAP Supplier Relationship Management Master Data Management Catalog that allows an...

CVE-2025-46749

An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution...