CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVE-2025-66500

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

PT-2025-52428

A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...

CVE-2025-52621

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning...

CVE-2025-52621 HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning

HCL BigFix SaaS Authentication Service is vulnerable to cache poisoning. The BigFix SaaS's HTTP responses were observed to include the Origin header. Its presence alongside an unvalidated reflection of the Origin header value introduces a potential for cache poisoning...

Wordpress Plugin IP2Location Country Blocker 访问控制错误漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in th...

WordPress Stockdio Historical Chart plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in WordPress Stockdio Historical Chart plugin versions prior to 2.8....

Cisco Enterprise NFV Infrastructure Software Cross-Site Request Forgery Vulnerability

Cisco Enterprise NFV Infrastructure Software NFVIS is a suite of NVF infrastructure software platforms from Cisco. The platform can be achieved through the central coordinator and controller of the virtualization services of the full lifecycle management. A cross-site request forgery vulnerabilit...