6714 matches found
CVE-2025-34407
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
CVE-2025-34409
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
CVE-2025-34407
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the theme parameter of /Mondo/lang/sys/Forms/Statistics.aspx. The theme value is insufficiently sanitized when processed via a GET request and is reflected in the response, allowing an attacker to bre...
CVE-2025-34409
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
CVE-2025-34406
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Id parameter of /Mobile/ContactDetails.aspx. The Id value is not properly sanitized when processed via a GET request and is reflected within a block in the response. By supplying a crafted payload...
CVE-2025-34400
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...
CVE-2025-34408 MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
CVE-2025-34408 MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...
CVE-2025-34400 MailEnable < 10.54 Reflected XSS in AddressesTo Parameter of AddressBook.aspx
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the AddressesTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The AddressesTo value is not properly sanitized when processed via a GET request and is reflected within a block in the response. B...
EUVD-2025-202192
MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the FieldCc parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldCc value is not properly sanitized when processed via a GET request and is reflected inside a block in the JavaScript variable...
CVE-2025-34403
MailEnable < 10.54 contains a reflected XSS in the FieldTo parameter of /Mondo/lang/sys/Forms/AddressBook.aspx. The FieldTo value, processed via GET, is reflected inside a [removed] block in the JavaScript variable fieldTo, enabling attacker-controlled script execution that can redirect users,...
KB5074204: Security Update for Windows PowerShell (OS Builds 26100.7392 and 26200.7392)
KB5074204: Security Update for Windows PowerShell OS Builds 26100.7392 and 26200.7392 For information about Windows update terminology, see types of Windows updates and the monthly quality update types. To find an overview of Windows 11, see the update history pages for Windows 11, version 24H2 a...
Coohom SaaS Platform 安全漏洞
Coohom SaaS Platform is a cloud-based integration platform from Coohom Inc. in the United States. A security vulnerability exists in Coohom SaaS Platform that originates from stored cross-site scripting and could lead to session hijacking or arbitrary script execution...
Selea Targa IP OCR-ANPR Camera 跨站脚本漏洞
Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. A cross-site scripting vulnerability exists in the Selea Targa IP OCR-ANPR Camera that stems from a stored cross-site scripting issue with the fileslist parameter, which could lead to the execution of arbitrary script...
CVE-2025-65300
A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...
PT-2025-50145
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS issue in the theme parameter of the ''/Mondo/lang/sys/Forms/Statistics.aspx'' endpoint. The theme value is not...
PT-2025-50140
Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description The software contains a reflected cross-site scripting XSS issue in the FieldBcc parameter of the ''/Mondo/lang/sys/Forms/AddressBook.aspx'' endpoint. The FieldBcc value is not properly sanitized...
PT-2025-50248
Name of the Vulnerable Software and Affected Versions Selea Targa IP OCR-ANPR Camera affected versions not specified Description The Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting issue in the files list parameter. This allows attackers to inject malicious HTML and script...
CVE-2025-12956 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-12956 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...