Yonyou UFIDA ERP-NC 代码注入漏洞

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...

CVE-2025-29412

A cross-site scripting XSS vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-29410

A cross-site scripting XSS vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...

GHSA-528Q-4PGM-WVG2 Reflected XSS in go-httpbin due to unrestricted client control over Content-Type

Description The go-httpbin framework is vulnerable to XSS as the user can control the Response Content-Type from GET parameter. This allows attacker to execute cross site scripts in victims browser. Affected URLs: - /response-headers?Content-Type=text/html&xss=%3Cimg/src/onerror=alert%27xss%27%3E...

CVE-2019-16151

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's...

PT-2025-12393 · Zoho · Manageengine Supportcenter Plus +1

Name of the Vulnerable Software and Affected Versions: ManageEngine ServiceDesk Plus versions below 14920 ManageEngine ServiceDesk Plus MSP versions below 14910 ManageEngine SupportCentre Plus versions below 14910 Description: The issue concerns a Stored XSS vulnerability in the task feature. Thi...

CVE-2025-29410

A cross-site scripting XSS vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...

CVE-2025-29410

CVE-2025-29410 is a documented XSS vulnerability in Hospital Management System v1.0, exploitable via the /contact.php component where a crafted payload injected into the txtEmail parameter can execute arbitrary script/HTML. Affected component: /contact.php; vulnerability type: XSS; CVSS v3.1 base...

ChuanhuChatGPT 安全漏洞

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...

CVE-2025-29412

A cross-site scripting XSS vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter...

CVE-2025-29412

The CVE-2025-29412 entry identifies an XSS vulnerability in the Client Profile Update section of Mart Developers iBanking v2.0.0. The issue arises from injected payloads in the Name parameter, enabling arbitrary web scripts or HTML execution. Affected component: iBanking v2.0.0, Client Profile Up...

Hospital Management System 安全漏洞

Hospital Management System is a hospital management system by the individual developer Kishan Lal. A security vulnerability exists in Hospital Management System v1.0, which stems from a cross-site scripting vulnerability in the /contact.php component that could lead to the execution of arbitrary...

CVE-2025-29410

A cross-site scripting XSS vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...

CVE-2025-0600

A stored Cross-site Scripting XSS vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0833

A stored Cross-site Scripting XSS vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0828

A stored Cross-site Scripting XSS vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0826

A stored Cross-site Scripting XSS vulnerability affecting 3D Navigate in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0827

A stored Cross-site Scripting XSS vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0829

A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0599

A stored Cross-site Scripting XSS vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...