PT-2026-3251

Name of the Vulnerable Software and Affected Versions ConnectWise PSA versions prior to 2026.1 Description ConnectWise PSA versions older than 2026.1 may allow stored script code to execute in a user’s browser. This occurs because Time Entry notes stored in the Time Entry Audit Trail are rendered...

TOA TRIFORA 3 Series Cross-site Scripting Vulnerabilities

The TOA TRIFORA 3 Series is a series of network cameras produced by the Japanese company TOA. The TOA TRIFORA 3 Series has a cross-site scripting vulnerability, which allows for the execution of arbitrary scripts in the victim’s browser...

ConnectWise PSA security vulnerabilities

ConnectWise PSA is a professional service automation software developed by ConnectWise in the United States. Versions of ConnectWise PSA prior to 2026.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for Time Entry notes in the Time Entry Audit...

CVE-2026-1009

A stored cross-site scripting XSS vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post...

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for session theft and account compromise. This...

CVE-2026-20076

Cisco Identity Services Engine (ISE) is affected by a stored XSS vulnerability in its web-based management interface. An authenticated administrator can inject malicious input on specific pages, potentially executing script code in the user’s browser or accessing sensitive information. The issue ...

WordPress plugin WP-Members Membership Plugin 跨站脚本漏洞

WordPress WP-Members Membership plugin is an open source membership plugin for WordPress that is mainly used to create membership sites with restricted content. WordPress WP-Members Membership plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of...

Cross-site Scripting (XSS)

Overview ph7software/ph7builder is a pH7Builder. Social Dating Web App Site Builder Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Description field in user profiles. An attacker can execute arbitrary JavaScript code in the context of other users by submittin...

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

CVE-2025-37185 Authenticated Stored Cross-Site Scripting Vulnerabilities (XSS) in EdgeConnect SD-WAN Orchestrator Web Administration Interface

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...

PT-2026-2822

Name of the Vulnerable Software and Affected Versions GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress versions through 1.1.7 Description The software is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output...

MiracleLinux 3 : postgresql-8.1.22-1.1.0.1.AXS3 (AXSA:2010-459:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2010-459:02 advisory. PostgreSQL is an advanced Object-Relational database management system DBMS that supports almost all SQL constructs including transactions, subselects and...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email attachments due to the missing verification for API requests to localhost. An attacker can execute arbitrary scripts in the context of the user's browser by sending specially crafted emails...

CVE-2022-50891

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...

CVE-2022-50891

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...

CVE-2023-54332 Jetpack 11.4 - Cross Site Scripting (XSS)

Jetpack 11.4 contains a cross-site scripting vulnerability in the contact form module that allows attackers to inject malicious scripts through the postid parameter. Attackers can craft malicious URLs with script payloads to execute arbitrary JavaScript in victims' browsers when they interact wit...

CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.webjars.npm:quill is a modern rich text editor built for compatibility and extensibility. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the improper sanitazation in the getHT...

Testa 跨站脚本漏洞

Testa is an academic activity monitoring software from Testa. A cross-site scripting vulnerability exists in Testa version 3.5.1, which stems from a reflected cross-site scripting vulnerability in the redirect parameter in login.php that could lead to the execution of arbitrary JavaScript...

MiracleLinux 8 : libreoffice-6.4.7.2-19.el8_10.ML.1 (AXSA:2025-9778:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9778:01 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the MiracleLinux security...