CVE-2025-53707

A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-53707

A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-53707

CVE-2025-53707 concerns a pre-auth, reflected XSS in MedDream PACS Premium 7.3.6.870. Cisco Talos’ TALOS-2025-2267 describes a vulnerability in the Pacs/modifyTranscript.php workflow where the attacker-supplied name parameter is written into HTML output without sanitization, enabling a crafted UR...

PT-2026-3595

A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-11952

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-11952

CVE-2025-11952 describes a stored XSS in Oct8ne Chatbot v2.3. The flaw arises from input validation failure when creating a mail transcript via /Records/SendSummaryMail, allowing injected JavaScript to run in a victim's browser. Impact stated: potential theft of sensitive data (e.g., session cook...

CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-11952 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869 Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot

Stored Cross-site Scripting XSS in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user...

CVE-2025-10869

CVE-2025-10869 describes a Stored Cross-site Scripting (XSS) vulnerability in Oct8ne Chatbot v2.3. The issue allows an attacker to inject JavaScript via a transcript created for an email-sent interaction, executed in the victim’s browser. The attack surface includes the /Data/SaveInteractions flo...

CVE-2025-11434

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-11434

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-11434

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-11434 itsourcecode Student Transcript Processing System login.php sql injection

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-11434

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-11434 itsourcecode Student Transcript Processing System login.php sql injection

A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing a manipulation of the argument uname can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-11434

Summary: CVE-2025-11434 affects itsourcecode’s Student Transcript Processing System v1.0, with a SQL injection flaw in the /login.php file via the uname parameter. The issue can be exploited remotely and publicly available exploit code exists. Several sources corroborate the impact and exposure, ...