6714 matches found
EUVD-2025-33691
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
CVE-2025-52650
CVE-2025-52650 – HCL AION v2.0 : A CSP-related issue allows inline script execution due to improper CSP enforcement in HCL AION version 2.0. The root cause is CSP misconfiguration that fails to block inline scripts, enabling potential script injection within the application. Documented sources (P...
PT-2025-41540
Name of the Vulnerable Software and Affected Versions HCL AION version 2.0 Description An issue exists in HCL AION version 2.0 related to Content Security Policy CSP enforcement. Improper CSP configuration allows for the execution of inline scripts, which should be blocked. This enables an attack...
CVE-2025-59995
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59994
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-60002 Junos Space: Template Definitions page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definitions page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-60001 Junos Space: Create Quick Template page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59999 Junos Space: API Access Profiles page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...
CVE-2025-59996
The CVE-2025-59996 issue affects Juniper Networks Junos Space versions prior to 24.1R4, where an Improper Neutralization of Input During Web Page Generation enables cross-site scripting in the Configuration View page. Exploitation would allow an attacker to inject script tags that, when a second ...
CVE-2025-59996 Junos Space: Configuration View page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...
CVE-2025-59993
CVE-2025-59993 affects Juniper Networks Junos Space before version 24.1R4. The issue is an XSS vulnerability in the Space Node Setting fields (and related pages) where improper input neutralization allows injection of script tags, enabling an attacker to run commands with the target user’s privil...
CVE-2025-59991
CVE-2025-59991 is a cross-site scripting vulnerability in Juniper Networks Junos Space that allows an attacker to inject scripts into Device Management pages, enabling execution of commands with the victim user’s permissions (potentially admin). Affected: Junos Space versions before 24.1R4. The N...
CVE-2025-59989
CVE-2025-59989 affects Juniper Networks Junos Space prior to version 24.1R4. The issue is an Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) on the Device Discovery page, allowing an attacker to inject script tags which, when viewed by another user, can execute ...
CVE-2025-59988
CVE-2025-59988 involves a cross-site scripting vulnerability in Juniper Networks Junos Space prior to version 24.1R4. The issue allows an attacker to inject script tags on the Generate Report page, which, when visited by another user, can execute commands with the target’s permissions (including ...
CVE-2025-59988 Junos Space: Generate Report page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59987 Junos Space: The arbitrary device search field is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the arbitrary device search field that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59986 Junos Space: Input fields in Model Devices are vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the input fields in Model Devices that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59984 Junos Space: Global Search is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in Global Search that, when visited by another user, enables the attacker to execute commands with the target's permissions,...
CVE-2025-59983
CVE-2025-59983 affects Juniper Networks Junos Space prior to version 24.1R4. The issue is an Improp er Neutralization of Input During Web Page Generation (Cross-site Scripting) that allows an attacker to inject script tags on the Template Definition page; when another user visits that page, the a...
Security update for git
This update for git fixes the following issues: Update to 2.51.0: CVE-2025-27613: arbitrary writable file creation and truncation in Gitk bsc1245938 CVE-2025-27614: arbitrary script execution via repo clonation in gitk bsc1245939 CVE-2025-46835: untrusted repository cloning can lead to arbitrary...