6714 matches found
CVE-2024-37396
A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS through multiple system messages. An attacker can execute arbitrary scripts in the context of the user's browser by inserting malicious content into editable interface elements. Details Cross-site scripting or X...
WordPress WP Attachments plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress WP Attachments plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied dat...
WordPress Easy Digital Downloads plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Easy Digital Downloads plugin, which stems from the application's lack of effective filtering and escaping of...
CVE-2025-47089
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47067
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47040
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47034
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-47026
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46908
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-46848
Adobe Experience Manager (AEM) 6.5.22 and earlier is affected by a stored XSS vulnerability in vulnerable form fields (CVE-2025-46848). The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a user’s browser when visiting a page containing the affected field....
CVE-2025-47078 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-37395
A stored cross-site scripting XSS vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...
firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...
CVE-2024-37396
A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
GeoServer 安全漏洞
GeoServer is GeoServer open source an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that originates from malicious Jiffle script execution and could lead to a denial of service attack...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...
CVE-2024-37394
CVE-2024-37394 (REDCap) : A stored XSS in REDCap 13.1.9 affects the Project Dashboards, allowing authenticated users to inject payloads into the Dashboard title and content. Exploitation leads to execution of malicious scripts when the dashboard is viewed. Red Hat CVE records mirror this issue fo...
Adobe Experience Manager(AEM) 跨站脚本漏洞
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...