CVE-2025-66492 Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

CVE-2025-66492 Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter

Masa CMS is an open source Enterprise Content Management platform. Versions 7.2.8 and below, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8 and 7.5.0 through 7.5.1 are vulnerable to XSS when an unsanitized value of the ajax URL query parameter is directly included within the section of the HTM...

PT-2025-50881

Name of the Vulnerable Software and Affected Versions Masa CMS versions 7.2.8 and below Masa CMS versions 7.3.1 through 7.3.13 Masa CMS versions 7.4.0-alpha.1 through 7.4.8 Masa CMS versions 7.5.0 through 7.5.1 Description Masa CMS, an open source Enterprise Content Management platform, is...

CVE-2024-58298

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVE-2024-58304

SPA-CART CMS 1.9.0.3 contains a stored cross-site scripting vulnerability in the product description parameter that allows authenticated administrators to inject malicious scripts. Attackers can submit JavaScript payloads through the 'descr' parameter in the product edit form to execute arbitrary...

CVE-2024-58298 Compuware iStrobe Web 20.13 Pre-Auth Remote Code Execution via File Upload

Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload form. Attackers can exploit the 'fileName' parameter to upload a web shell and execute...

CVE-2025-14537

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVE-2025-13953

Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory LDAP login method. Authentication is performed through a local WebSocket, but the web application does not properly validate the authenticity or origin of the data...

Adobe Experience Manager (AEM) Forms Login Panel Detected

This plugin detects the presence of the Adobe Experience Manager AEM Forms Login panel on a web application. No source data...

CVE-2025-64627

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-64611 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Exploit for Deserialization of Untrusted Data in Facebook React

Introduction A P- bypass version of the WAF scanner has been...

EUVD-2025-202097

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bobbingwide oik oik allows DOM-Based XSS.This issue affects oik: from n/a through = 4.15.3...

ownCloud < 10.15.1 Information Disclosure Vulnerability

ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

Fortinet FortiWeb 数据伪造问题漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A data forgery vulnerability exists in...

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A security vulnerability exists in Fortinet...

Fortinet FortiWeb 安全漏洞

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A security vulnerability in Fortinet FortiWe...

PT-2025-50072

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue affects Cornerstone: from n/a through = 7.7.3...

PT-2025-50098

Name of the Vulnerable Software and Affected Versions Xinhu Rainrock RockOA version 2.7.0 Description An issue exists in the phpinisaveAction function within the webmain/system/cogini/coginiAction.php file. This allows authenticated users to modify PHP configuration files through the a parameter ...

Online Banking website using PHP SQL注入漏洞

Online Banking website using PHP is an online banking website by Rashmin Personal Developer. A SQL injection vulnerability exists in Online Banking website using PHP, which stems from incorrect manipulation of the parameter Username in the file /site/dist/authlogin.php, which can lead to SQL...