Lucene search

6722 matches found

RedhatCVE
added 2025/02/14 9:39 a.m. · 6 views

CVE-2022-47502

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected...

CVSS 7.8 · AI score 6.8 · EPSS 0.00958
Exploits 0

SUSE CVE
added 2025/02/14 4:53 a.m. · 2 views

SUSE CVE-2024-38474

Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant only to be executed as CGI. Users are recommended to...

CVSS 8.2 · AI score 8.1 · EPSS 0.02456
Exploits 0 · References 9

SUSE CVE
added 2025/02/14 4:53 a.m. · 1 views

SUSE CVE-2024-38476

The core of Apache HTTP Server 2.4.59 and earlier is vulnerable to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue...

CVSS 8.1 · AI score 6.9 · EPSS 0.41611
Exploits 0 · References 8

RedhatCVE
added 2025/02/14 4:49 a.m. · 14 views

CVE-2024-36773

A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php...

CVSS 4.8 · AI score 5.7 · EPSS 0.00366
Exploits 1 · References 1

CNNVD
added 2025/02/14 12:0 a.m. · 4 views

IBM QRadar SIEM security vulnerability

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVSS 4.8 · AI score 5.9 · EPSS 0.00209
Exploits 0 · References 3

NVD
added 2025/02/12 8:15 a.m. · 19 views

CVE-2023-49780

Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product...

CVSS 6.1 · EPSS 0.00268
Exploits 0 · References 2

Cvelist
added 2025/02/12 7:42 a.m. · 13 views

CVE-2023-49780

Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product...

CVSS 6.1 · EPSS 0.00268
Exploits 0 · References 2

Vulnrichment
added 2025/02/12 7:42 a.m. · 4 views

CVE-2023-49780

Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product...

CVSS 6.1 · AI score 6.2 · EPSS 0.00268
Exploits 0 · References 2

RedhatCVE
added 2025/02/12 12:32 a.m. · 6 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field...

CVSS 4.8 · AI score 5.5 · EPSS 0.00337
Exploits 1 · References 1

CNNVD
added 2025/02/12 12:0 a.m. · 2 views

Code-Projects Wazifa System code injection vulnerability

Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the firstname/lastname parameter of the searchresualts.php file, which can be exploited to execute...

CVSS 5.4 · AI score 6.2 · EPSS 0.00313
Exploits 1 · References 5

CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Code-Projects Wazifa System code injection vulnerability

Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter postcontent in the /profile.php file, which can be exploited to execute arbitrary Web...

CVSS 5.4 · AI score 6.2 · EPSS 0.00313
Exploits 1 · References 5

AstraLinux
added 2025/02/11 7:35 a.m. · 8 views

Astra Linux – Vulnerability in Apache2

There is a vulnerability in the core of the Apache HTTP Server version 2.4.59 and earlier. This vulnerability allows for information disclosure, SSRF attacks, or local script execution through backend applications whose response headers are malicious or exploitable. Users are recommended to upgra...

CVSS 9.8 · AI score 7.1 · EPSS 0.41611
Exploits 0 · References 3

NVD
added 2025/02/11 1:15 a.m. · 5 views

CVE-2025-24867

SAP BusinessObjects Platform BI Launchpad does not sufficiently handle user input, resulting in Cross-Site Scripting (XSS) vulnerability. The application allows an unauthenticated attacker to craft a URL that embeds a malicious script within an unprotected parameter. When a victim clicks the link,...

CVSS 6.1 · EPSS 0.0024
Exploits 0 · References 2

CNNVD
added 2025/02/11 12:0 a.m. · 3 views

JetBrains TeamCity cross-site scripting vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 6.1 · EPSS 0.00349
Exploits 0 · References 1

NVD
added 2025/02/10 6:15 p.m. · 5 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field...

CVSS 4.8 · EPSS 0.00337
Exploits 1 · References 3

Vulnrichment
added 2025/02/10 12:0 a.m. · 7 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field...

AI score 5 · EPSS 0.00337
Exploits 1 · References 3

Cvelist
added 2025/02/10 12:0 a.m. · 10 views

CVE-2024-57409

A stored cross-site scripting (XSS) vulnerability in the Parameter List module of cool-admin-java v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the internet pictures field...

EPSS 0.00337
Exploits 1 · References 3

CNVD
added 2025/02/08 12:0 a.m. · 2 views

Orangescrum cross-site scripting vulnerability (CNVD-2026-02679)

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 5.4 · AI score 6.1 · EPSS 0.00776
Exploits 2 · References 1

Tenable Nessus
added 2025/02/07 12:0 a.m. · 7 views

Cisco Identity Services Engine Stored XSS Vulnerabilities (cisco-sa-ise-xss-42tgsdMG - CVE-2025-20204)

According to its self-reported version, Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities is affected by a vulnerability: - A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct...

CVSS 4.8 · AI score 5.8 · EPSS 0.00299
Exploits 0 · References 3

Positive Technologies
added 2025/02/07 12:0 a.m. · 3 views

PT-2025-5945 · Unknown · Facilita Form Tracker

Name of the Vulnerable Software and Affected Versions: Facilita Form Tracker versions 1.0 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in Facilita Form Tracker. This means an attacker can trick a user into performing unintended actio...

CVSS 7.1 · AI score 9.2 · EPSS 0.00173
Exploits 0 · References 4