Reddit NetSec

AlienVault OTX General

CVE Database V5

Exploit-DB RSS Feed

Reddit InfoSec News

ThreatFox MISP Feed

CIRCL OSINT Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject malicious scripts via crafted HTTP POST requests, which are then reflected in the server's HTML response.

CVE-2025-5301 is a reflected cross-site scripting (XSS) vulnerability affecting ONLYOFFICE Docs (DocumentServer) versions 8.3.1 and earlier. The vulnerability arises due to improper neutralization of input during web page generation, specifically when files are opened via the Web Application Open Platform Interface (WOPI) protocol. An attacker can craft malicious HTTP POST requests containing specially designed payloads that are reflected unsanitized in the HTML response generated by the server. This reflection enables the execution of arbitrary JavaScript code in the context of the victim's browser session. Since the vulnerability is reflected, it requires the victim to interact with a malicious link or file that triggers the crafted request. Exploitation could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the user within the ONLYOFFICE environment. The vulnerability does not require authentication to exploit, increasing its risk profile. Although no known exploits are currently reported in the wild, the presence of this vulnerability in a widely used document collaboration platform poses a significant risk, especially in environments where ONLYOFFICE Docs is exposed to untrusted networks or users. The lack of a patch at the time of publication further elevates the urgency for mitigation.

Detailed information about CVE-2025-5301: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in OnlyOffice Docs 

CVE-2025-5301: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in OnlyOffice Docs (DocumentServer) - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5301: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in OnlyOffice Docs (DocumentServer)

A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.

CVE-2025-32465 is a high-severity stored Cross-Site Scripting (XSS) vulnerability identified in the RSTickets! component versions 1.9.12 through 3.3.0 for the Joomla content management system. The vulnerability arises due to improper neutralization of input during web page generation (CWE-79), allowing an attacker to inject malicious scripts that are stored persistently within the application. When a legitimate user accesses the affected page, the malicious payload executes in their browser context. This can lead to session hijacking, credential theft, unauthorized actions on behalf of the user, or distribution of malware. The CVSS 4.0 vector indicates that the attack can be performed remotely over the network without requiring authentication (AV:N, PR:L means low privileges required but no authentication needed), with low attack complexity (AC:L), but user interaction is necessary (UI:A) for the payload to execute. The vulnerability impacts confidentiality, integrity, and availability with high impact metrics (VC:H, VI:H, VA:H). The scope is unchanged (S:N), meaning the exploit affects only the vulnerable component. No known exploits are currently reported in the wild, and no official patches have been released yet. The vulnerability was reserved in April 2025 and published in June 2025. RSTickets! is a popular Joomla extension used for ticketing and customer support, often deployed by organizations to manage internal and external support requests. Stored XSS in such a component is particularly dangerous as it can affect multiple users and administrators who access the ticketing interface, potentially compromising sensitive organizational data and user credentials.

Detailed information about CVE-2025-32465: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rsjoomla.com RSTickets

CVE-2025-32465: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rsjoomla.com RSTickets! component for Joomla - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-32465: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in rsjoomla.com RSTickets! component for Joomla

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2025-0917 is a stored cross-site scripting (XSS) vulnerability affecting multiple versions of IBM Cognos Analytics, specifically versions 11.2.0 through 11.2.4 and 12.0.0 through 12.0.4. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing a privileged user to inject arbitrary JavaScript code into the web user interface. Because the injected script is stored and executed within the context of the trusted application session, it can alter the intended functionality of the web interface. This can lead to the disclosure of sensitive information such as user credentials or session tokens. The vulnerability requires a privileged user to exploit, meaning that an attacker must already have elevated access to the Cognos Analytics environment. No user interaction is required once the malicious script is embedded, and the vulnerability affects confidentiality and integrity but not availability. The CVSS v3.1 base score is 5.5 (medium severity), reflecting the network attack vector, low attack complexity, high privileges required, no user interaction, and a scope change. No known exploits are reported in the wild as of the publication date (June 11, 2025). The vulnerability impacts the web interface component of IBM Cognos Analytics, a widely used business intelligence and analytics platform, which is often deployed in enterprise environments for reporting and data visualization.

Detailed information about CVE-2025-0917: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Cognos Analy

CVE-2025-0917: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Cognos Analytics - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-0917: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in IBM Cognos Analytics

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.

CVE-2025-48447 is a Cross-Site Scripting (XSS) vulnerability identified in the Drupal Lightgallery module, affecting versions prior to 1.6.0. The vulnerability arises due to improper neutralization of input during web page generation, classified under CWE-79. Specifically, the Lightgallery module fails to adequately sanitize or encode user-supplied input before rendering it in the web page context, allowing attackers to inject malicious scripts. When exploited, this can lead to arbitrary JavaScript execution in the context of the victim's browser session. This type of vulnerability is particularly dangerous in web applications as it can be leveraged to steal session cookies, perform actions on behalf of authenticated users, redirect users to malicious sites, or deliver further payloads. The affected product, Drupal Lightgallery, is a popular module used to display image galleries within Drupal-powered websites. Since Drupal is widely used across various sectors including government, education, and enterprise in Europe, the presence of this vulnerability in a commonly deployed module poses a significant risk. No known exploits are currently reported in the wild, and no official patches have been linked yet, indicating that the vulnerability is newly disclosed. The lack of a CVSS score suggests that the severity assessment must be inferred from the nature of the vulnerability and its context. Given that XSS vulnerabilities can be exploited remotely without authentication and can impact confidentiality, integrity, and user trust, this issue demands prompt attention from administrators of affected Drupal sites.

Detailed information about CVE-2025-48447: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Lightgallery af

CVE-2025-48447: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Lightgallery - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-48447: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal Lightgallery

The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-5144 is a stored Cross-Site Scripting (XSS) vulnerability identified in The Events Calendar plugin for WordPress, affecting all versions up to and including 6.13.2. The vulnerability arises due to improper neutralization of input during web page generation, specifically through the ‘data-date-*’ parameters. These parameters are not sufficiently sanitized or escaped before being rendered on pages, allowing an attacker with authenticated Contributor-level access or higher to inject arbitrary malicious scripts. Once injected, these scripts execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim. The vulnerability does not require user interaction to trigger, but it does require the attacker to have some level of authenticated access (Contributor or above), which limits exploitation to insiders or compromised accounts. The CVSS 3.1 base score is 6.4 (medium severity), reflecting the network attack vector, low attack complexity, and privileges required. The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component, with limited confidentiality and integrity impact but no availability impact. No known exploits are currently reported in the wild, and no official patches have been released as of the publication date (June 11, 2025).

Detailed information about CVE-2025-5144: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in theeventscalendar The E

CVE-2025-5144: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in theeventscalendar The Events Calendar - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-5144: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in theeventscalendar The Events Calendar

The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 7.1.0.0.

CVE-2025-3302 is a high-severity Stored Cross-Site Scripting (XSS) vulnerability affecting the Xagio SEO – AI Powered SEO plugin for WordPress, specifically all versions up to and including 7.1.0.16. The root cause of the vulnerability lies in improper neutralization of input during web page generation (CWE-79), where the plugin fails to adequately sanitize and escape the 'HTTP_REFERER' parameter. This flaw allows unauthenticated attackers to inject arbitrary malicious scripts into web pages generated by the plugin. When a user visits a page containing the injected script, the malicious code executes in the context of the victim's browser, potentially leading to session hijacking, credential theft, defacement, or redirection to malicious sites. Notably, the vulnerability is exploitable remotely without any authentication or user interaction, increasing its risk profile. Although a partial patch was introduced in version 7.1.0.0, the vulnerability persists through version 7.1.0.16, indicating incomplete remediation. The vulnerability has a CVSS v3.1 base score of 7.2, reflecting its high severity due to network attack vector, low attack complexity, no privileges required, no user interaction needed, and a scope change (impacting components beyond the vulnerable plugin). The impact affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, but the ease of exploitation and the widespread use of WordPress and SEO plugins make this a significant threat vector. The vulnerability is particularly critical because SEO plugins often have broad access to content generation and page rendering, increasing the potential attack surface and impact scope.

Detailed information about CVE-2025-3302: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xagio Xagio SEO – AI Po

CVE-2025-3302: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xagio Xagio SEO – AI Powered SEO - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-3302: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in xagio Xagio SEO – AI Powered SEO

The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-4666 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Zotpress plugin for WordPress, developed by kseaborn. This vulnerability exists in all versions up to and including 7.3.15 due to improper neutralization of input during web page generation, specifically via the 'nickname' parameter. The root cause is insufficient input sanitization and output escaping, which allows an authenticated attacker with Author-level privileges or higher to inject arbitrary malicious scripts into pages generated by the plugin. These scripts execute in the context of any user who views the compromised page, potentially leading to session hijacking, privilege escalation, or unauthorized actions performed on behalf of the victim user. The vulnerability does not require user interaction once the malicious content is stored and viewed, and it affects the confidentiality and integrity of user data. The CVSS 3.1 base score is 6.4 (medium severity), reflecting that the attack vector is network-based, with low attack complexity, requiring privileges (Author or above), no user interaction, and impacting confidentiality and integrity with no impact on availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is scoped to WordPress sites using the Zotpress plugin, which is commonly used for managing Zotero references and bibliographies, often in academic, research, and publishing contexts.

Detailed information about CVE-2025-4666: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kseaborn Zotpress affec

CVE-2025-4666: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kseaborn Zotpress - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-4666: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in kseaborn Zotpress

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

CVE-2025-47117 is a stored DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM interface. When a victim user accesses a page containing the compromised form field, the injected script executes in their browser context. The vulnerability arises from insufficient input sanitization and output encoding in the handling of user-supplied data within the Document Object Model (DOM), enabling persistent script injection. Because the attack is stored, the malicious payload remains on the server and can affect multiple users who visit the infected page. The CVSS 3.1 base score is 5.4 (medium severity), reflecting that the attack vector is network-based, requires low privileges, and user interaction is necessary (the victim must visit the affected page). The scope is changed, indicating that the vulnerability can affect components beyond the initially vulnerable module. The impact includes limited confidentiality and integrity loss, as the attacker can execute arbitrary scripts in the victim’s browser, potentially stealing session tokens, performing actions on behalf of the user, or manipulating displayed content. Availability is not impacted. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in late April 2025 and published in June 2025, indicating recent discovery and disclosure. Adobe Experience Manager is a widely used enterprise content management system, often deployed in large organizations for managing digital assets and web content, making this vulnerability relevant for organizations relying on AEM for their web presence and internal portals.

Detailed information about CVE-2025-47117: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Adobe Experience Manager affecting Adobe Adobe Experience Mana

CVE-2025-47117: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Adobe Experience Manager - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-47117: Cross-site Scripting (DOM-based XSS) (CWE-79) in Adobe Adobe Experience Manager

CVE-2025-47116 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability allows a low-privileged attacker to inject malicious JavaScript code into vulnerable form fields within the AEM interface. When a victim subsequently accesses the affected page containing the injected script, the malicious code executes in their browser context. The vulnerability is classified as CWE-79, indicating improper neutralization of input during web page generation. The CVSS 3.1 base score is 5.4 (medium severity), with an attack vector of network (remote exploitation), low attack complexity, requiring low privileges, and user interaction (victim must browse to the infected page). The scope is changed, meaning the vulnerability can impact components beyond the initially vulnerable module. The impact affects confidentiality and integrity, as malicious scripts could steal session tokens, perform actions on behalf of the user, or manipulate displayed content. Availability is not impacted. No known exploits are currently reported in the wild, and no official patches or mitigations have been linked yet. The vulnerability arises from insufficient input validation and output encoding in form fields, allowing persistent script injection that is stored on the server and served to other users. Given AEM’s role as a content management system widely used for enterprise websites and intranet portals, exploitation could lead to significant data leakage, session hijacking, or defacement attacks targeting users with access to the affected pages.

Detailed information about CVE-2025-47116: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Adobe Experience Manager affecting Adobe Adobe Experience Manager

CVE-2025-47116: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Adobe Experience Manager - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-47116: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Adobe Experience Manager

CVE-2025-47115 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.22 and earlier. This vulnerability arises from insufficient input sanitization in certain form fields within AEM, allowing a low-privileged attacker to inject malicious JavaScript code that is persistently stored on the server. When a victim user accesses the affected page containing the maliciously crafted form field, the injected script executes in their browser context. The vulnerability is classified under CWE-79, indicating improper neutralization of input during web page generation. The CVSS v3.1 base score is 5.4 (medium severity), with vector metrics indicating network attack vector (AV:N), low attack complexity (AC:L), requiring low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the vulnerable component, and the impact is limited to low confidentiality and integrity impacts (C:L/I:L), with no availability impact (A:N). No known exploits are currently reported in the wild, and no patches have been linked yet. Stored XSS vulnerabilities in AEM are particularly concerning because AEM is widely used by enterprises for content management and digital experience delivery, making it a valuable target for attackers seeking to compromise user sessions, steal sensitive information, or conduct phishing attacks within trusted domains. The requirement for user interaction (visiting the affected page) and low privileges for exploitation lowers the barrier for attackers, although the medium CVSS score reflects limited direct impact on system availability or full confidentiality compromise.

Detailed information about CVE-2025-47115: Cross-site Scripting (Stored XSS) (CWE-79) in Adobe Adobe Experience Manager affecting Adobe Adobe Experience Manager

Title	Severity	Type	Source	Date

Threats Tagged 'cwe-79'

Filter Threats

Threats Tagged 'cwe-79'