
6722 matches found

CVE
added 2025/03/03 4:2 p.m. | 135 views

CVE-2025-0555

CVE-2025-0555 is a Cross-Site Scripting (XSS) vulnerability in GitLab-EE affecting all 16.6+ releases up to but not including 17.7.6, 17.8 up to not including 17.8.4, and 17.9 up to not including 17.9.1. The issue allows an attacker to bypass security controls and run arbitrary scripts in a user’...

CVSS 7.7 | AI score 7.2 | EPSS 0.00428
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2025/03/03 4:2 p.m. | 27 views

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross-site scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions...

CVSS 7.7 | EPSS 0.00428
Exploits 0 | References 2

Vulnrichment
added 2025/03/03 4:2 p.m. | 10 views

CVE-2025-0555 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

A cross-site scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a user's browser under specific conditions...

CVSS 7.7 | AI score 7.4 | EPSS 0.00428
Exploits 0 | References 2

CVE
added 2025/03/03 12:0 a.m. | 59 views

CVE-2025-27585

Technical details about CVE-2025-27585 are not provided in the connected documents. Please monitor for updates.

CVSS 5.4 | AI score 5.4 | EPSS 0.00197
Exploits 0 | References 1 | Affected Software 1

RedhatCVE
added 2025/03/02 4:23 p.m. | 24 views

CVE-2025-27400

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVSS 2.9 | AI score 3.5 | EPSS 0.00248
Exploits 0 | References 1

NVD
added 2025/02/28 4:15 p.m. | 11 views

CVE-2025-27400

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVSS 2.9 | EPSS 0.00248
Exploits 0 | References 4

CVE
added 2025/02/28 3:26 p.m. | 80 views

CVE-2025-27400

Summary: CVE-2025-27400 affects OpenMage/magento-lts (Magento LTS) with a stored XSS in the admin panel via the Design > Themes > Skin (Images / CSS) config field. Affected versions: prior to 20.12.3 and prior to 20.13.0 contain the vulnerability (one source notes 20.13.1 as patched in some...

CVSS 2.9 | AI score 3.4 | EPSS 0.00248
Exploits 0 | References 4

Cvelist
added 2025/02/28 3:26 p.m. | 14 views

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVSS 2.9 | EPSS 0.00248
Exploits 0 | References 4

OSV
added 2025/02/28 3:26 p.m. | 7 views

CVE-2025-27400 Magento vulnerable to stored XSS in theme config fields

Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Versions prior to 20.12.3 and 20.13.0 contain a vulnerability that allows script execution in the admi...

CVSS 2.9 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 6

RedhatCVE
added 2025/02/28 12:30 a.m. | 10 views

CVE-2025-25825

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title in the article category section...

CVSS 7.1 | AI score 5.7 | EPSS 0.00195
Exploits 0 | References 1

CNNVD
added 2025/02/28 12:0 a.m. | 4 views

TRENDnet TEW-929DRU security vulnerability

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the ssid key of the wifidata parameter on the /captiveportal.htm page, which...

CVSS 4.8 | AI score 6 | EPSS 0.00298
Exploits 1 | References 2

CNNVD
added 2025/02/28 12:0 a.m. | 6 views

TRENDnet TEW-929DRU security vulnerability

The TRENDnet TEW-929DRU is a wireless router from TRENDnet. The TRENDnet TEW-929DRU suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the configname parameter of the /cbiaddcert.htm page, which can be exploited ...

CVSS 4.8 | AI score 6 | EPSS 0.00298
Exploits 1 | References 2

Positive Technologies
added 2025/02/28 12:0 a.m. | 4 views

PT-2025-9112 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento Long Term Support LTS versions prior to 20.12.3; Magento Long Term Support LTS versions prior to 20.13.1. Description: The issue allows script execution in the admin panel, potentially leading to cross-site scripting against authenticat...

CVSS 2.9 | AI score 5.7 | EPSS 0.00248
Exploits 0 | References 13

NVD
added 2025/02/26 5:15 p.m. | 8 views

CVE-2025-20116

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...

CVSS 4.8 | EPSS 0.0026
Exploits 0 | References 1

NVD
added 2025/02/26 3:15 p.m. | 16 views

CVE-2025-25825

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title in the article category section...

CVSS 7.1 | EPSS 0.00195
Exploits 0 | References 3

OSV
added 2025/02/26 3:15 p.m. | 4 views

CVE-2025-25825

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title in the article category section...

CVSS 7.1 | AI score 5.9
Exploits 0 | References 3

OSV
added 2025/02/26 3:15 p.m. | 6 views

CVE-2025-25818

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the postStrVar function at articlesave.php...

CVSS 5.1 | AI score 5.9
Exploits 0 | References 3

OSV
added 2025/02/26 3:15 p.m. | 9 views

CVE-2025-25823

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the article header at /admin/article.php...

CVSS 7.3 | AI score 5.9
Exploits 0 | References 3

Vulnrichment
added 2025/02/26 12:0 a.m. | 8 views

CVE-2025-25825

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title in the article category section...

AI score 6 | EPSS 0.00195
Exploits 0 | References 3

Vulnrichment
added 2025/02/26 12:0 a.m. | 9 views

CVE-2025-25818

A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the postStrVar function at articlesave.php...

AI score 5.1 | EPSS 0.00187
Exploits 0 | References 3