EUVD-2020-30988
DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...
CVE-2025-66488
Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...
CVE-2025-66488
Discourse (open source platform) has a vulnerability affecting installations using S3 for uploads, present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. The issue allows script execution within the S3/CDN domain context when HTML/XML uploads are processed; no site credentials ar...
CVE-2025-66488 Discourse allows script execution in uploaded HTML/XML files on S3
Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
A stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These files are later rendered by the application without sufficient sanitization or content-type enforcement, allowi...
CVE-2025-69210 FacturaScripts vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting (XSS) vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
PT-2024-5242 · Roundup · Roundup
Name of the Vulnerable Software and Affected Versions: Roundup versions prior to 2.4.0 Description: The issue is related to the lack of protection of the web page structure in the Roundup error tracking system. This allows a remote attacker to conduct cross-site scripting attacks by uploading...
PT-2024-25298 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions 7.0.0 through 7.29; ILIAS versions 8.0.0 through 8.10 Description: A Stored Cross-site Scripting (XSS) issue allows remote authenticated attackers with tutor privileges to inject arbitrary web script or HTML via XML file upload...
ILIAS Security Vulnerability
ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions 7.x prior to 7.30 and 8.x prior to 8.11, which stems from a stored cross-site scripting (XSS) vulnerability that could allow a remote, authenticated attacker to inject arbitrary web script or HTML...
Vulnerabilities fixed in MediaWiki
Vulnerabilities have been fixed in MediaWiki. A malicious party can exploit the vulnerabilities to cause a denial of service, or to launch a Cross-Site Scripting (XSS) attack which may allow the malicious party to grant itself elevated privileges when the administrator of a wiki allows XML...
PT-2023-13967 · Opentext · Opentext Archive Center Administration
Name of the Vulnerable Software and Affected Versions: OpenText Archive Center Administration versions prior to 21.3 Description: The issue allows XXE attacks, where authenticated users could upload XML files that are not sufficiently validated, potentially leading to data exfiltration or localiz...
DotNetNuke 9.5 - Persistent Cross-Site Scripting
Exploit Title: DotNetNuke 9.5 - Persistent Cross-Site Scripting Date: 2020-02-23 Exploit Author: Sajjad Pourali Vendor Homepage: http://dnnsoftware.com/ Software Link: https://github.com/dnnsoftware/Dnn.Platform/releases/download/v9.5.0/DNNPlatform9.5.0Install.zip Version: . For instance, uploadi...
CVE-2010-3600
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...
Code injection
Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was...