
6714 matches found

Positive Technologies
added 2025/10/14 12:0 a.m. | 4 views

PT-2025-41969

Name of the Vulnerable Software and Affected Versions: mailgen versions through 2.0.30. Description: mailgen is a Node.js package used to generate responsive HTML e-mails. Versions through 2.0.30 have an issue where the generatePlaintext function does not properly remove encoded HTML entities from...

CVSS 6.3 | AI score 6.6 | EPSS 0.00387
Exploits: 0 | References: 4

Cvelist
added 2025/10/14 12:0 a.m. | 7 views

CVE-2025-60374

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

EPSS 0.00318
Exploits: 2 | References: 1

EUVD
added 2025/10/13 9:30 a.m. | 4 views

EUVD-2025-34046

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | AI score 6 | EPSS 0.00185
Exploits: 0 | References: 2

EUVD
added 2025/10/13 9:30 a.m. | 5 views

EUVD-2025-34047

A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | AI score 6 | EPSS 0.00184
Exploits: 0 | References: 2

Cvelist
added 2025/10/13 7:36 a.m. | 7 views

CVE-2025-10558 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | EPSS 0.00185
Exploits: 0 | References: 1

CVE
added 2025/10/13 7:36 a.m. | 14 views

CVE-2025-10556

ENOVIA Specification Manager (3DEXPERIENCE) is affected by a stored XSS in the Specification Management module, impacting releases from R2023x through R2025x. The root cause is improper handling of user-supplied data in the web UI, enabling an attacker to execute arbitrary script code in a victim...

CVSS 8.7 | AI score 6.1 | EPSS 0.00184
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/10/13 12:0 a.m. | 3 views

PT-2025-41768

Name of the Vulnerable Software and Affected Versions: 3DSearch on 3DSwymer versions prior to 3DEXPERIENCE R2025x. Description: A stored Cross-site Scripting (XSS) issue exists in 3DSearch within 3DSwymer. This allows an attacker to execute arbitrary script code within a user’s browser session...

CVSS 8.7 | AI score 6.4 | EPSS 0.00185
Exploits: 0 | References: 7

Positive Technologies
added 2025/10/13 12:0 a.m. | 5 views

PT-2025-41766

Name of the Vulnerable Software and Affected Versions: ENOVIA Specification Manager versions 3DEXPERIENCE R2023x through 3DEXPERIENCE R2025x. Description: A stored Cross-site Scripting (XSS) issue exists in Specification Management within ENOVIA Specification Manager. This allows an attacker to execut...

CVSS 8.7 | AI score 6.5 | EPSS 0.00184
Exploits: 0 | References: 5

CNVD
added 2025/10/13 12:0 a.m. | 1 views

WordPress Eulerpool Research Systems plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Eulerpool Research Systems plugin that stems from a lack of valid filtering and escaping of the aaq shortcode, which...

CVSS 6.4 | AI score 6 | EPSS 0.00176
Exploits: 0 | References: 1

CNVD
added 2025/10/13 12:0 a.m. | 1 views

WordPress dbview plugin cross-site scripting vulnerability

WordPress dbview plugin is a plugin for database query and display, developed by John Akers. The plugin uses AJAX to provide real-time querying and dynamic display of database data, and supports direct execution of SQL statements and visual presentation of the results. WordPress...

CVSS 6.4 | AI score 7.3 | EPSS 0.00214
Exploits: 0 | References: 1

CNVD
added 2025/10/13 12:0 a.m. | 3 views

WordPress Easy Elementor Addons plugin cross-site scripting vulnerability

The WordPress Elementor Addons plugin is a plugin that extends the Elementor page builder functionality and enhances site design capabilities by providing additional widgets and styles. A cross-site scripting vulnerability exists in the WordPress Easy Elementor Addons plugin, which stems from the...

CVSS 6.4 | AI score 6 | EPSS 0.00311
Exploits: 0 | References: 1

CNVD
added 2025/10/13 12:0 a.m. | 3 views

WordPress Auto Bulb Finder plugin cross-site scripting vulnerability

WordPress Auto Bulb Finder plugin is a plugin for quickly checking vehicle bulb models in a WordPress website, supporting the retrieval of appropriate auto bulb specifications by year, make, model and other information. The WordPress Auto Bulb Finder plugin suffers from a cross-site scripting...

CVSS 6.4 | AI score 6.1 | EPSS 0.00211
Exploits: 0 | References: 1

CNVD
added 2025/10/13 12:0 a.m. | 2 views

WordPress All Social Share Options plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress All Social Share Options plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of sc...

CVSS 6.4 | AI score 6.1 | EPSS 0.00176
Exploits: 0 | References: 1

CNVD
added 2025/10/13 12:0 a.m. | 3 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23567)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...

CVSS 6.9 | AI score 6.5 | EPSS 0.00216
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/11 10:31 a.m. | 4 views

CVE-2025-52650

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...

CVSS 8.2 | AI score 7.1 | EPSS 0.00213
Exploits: 0 | References: 1

CNNVD
added 2025/10/11 12:0 a.m. | 2 views

WordPress plugin Colibri Page Builder cross-site scripting vulnerability

WordPress Colibri Page Builder plugin is a plugin for the ColibriWP theme that adds drag-and-drop page building functionality, enabling modular page design through visual operations. The WordPress Colibri Page Builder plugin suffers from a cross-site scripting vulnerability that stems from a lack of...

CVSS 6.4 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/10 4:20 p.m. | 6 views

CVE-2025-59994

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

CVSS 6.1 | AI score 6.9 | EPSS 0.00202
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/10 4:20 p.m. | 2 views

CVE-2025-59982

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's...

CVSS 6.1 | AI score 6.9 | EPSS 0.00251
Exploits: 0 | References: 1

OSV
added 2025/10/10 10:15 a.m. | 1 views

CVE-2025-52650

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...

CVSS 6.1 | AI score 5.9 | EPSS 0.00213
Exploits: 0 | References: 1

Cvelist
added 2025/10/10 9:30 a.m. | 6 views

CVE-2025-52650 HCL AION is susceptible to Inline script execution allowed in CSP vulnerability

Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...

CVSS 8.2 | EPSS 0.00213
Exploits: 0 | References: 1