
4 matches found

CNNVD
added 2025/12/04 12:0 a.m. | 2 views

Syslifters Sysreptor Cross-Site Scripting Vulnerability

Syslifters Sysreptor is a penetration test reporting platform from Syslifters, Inc. A cross-site scripting vulnerability exists in Syslifters Sysreptor versions prior to 2025.102, which originates from an authenticated user being able to perform a stored cross-site scripting attack by uploading a...

CVSS 7.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/28 12:0 a.m. | 10 views

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file...

CVSS 4.9 | AI score 6.1 | EPSS 0.00024
Exploits: 1 | References: 1
SUSE CVE
added 2024/11/23 12:53 a.m. | 2 views

SUSE CVE-2023-0109

A stored cross-site scripting (XSS) vulnerability was discovered in usememos/memos version 0.9.1. This vulnerability allows an attacker to upload a JavaScript file containing a malicious script and reference it in an HTML file. When the HTML file is accessed, the malicious script is executed. This...

CVSS 5.4 | AI score 5.8 | EPSS 0.00269
Exploits: 1 | References: 3
PyPA
added 2024/10/10 11:15 p.m. | 4 views

PYSEC-2024-220

Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...

CVSS 6.9 | AI score 6.5 | EPSS 0.0025
Exploits: 0 | References: 1 | Affected Software: 1