CVE-2025-26091

MEDIUM Year: 2025
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-79
View all →

Vulnerability Description

A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter when creating a new password in the "My Passwords" page.

Related Vulnerabilities

CVE-2015-9426

MEDIUM
CVSS:4.6(Medium)

The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.

CWE-792015

CVE-2018-8815

MEDIUM
CVSS:4.6(Medium)

Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image.

CWE-792018

CVE-2019-16295

MEDIUM
CVSS:4.6(Medium)

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter. This can be exploited by a local attacker who supplies a crafted filename w...

CWE-792019

CVE-2019-3889

MEDIUM
CVSS:4.6(Medium)

A reflected XSS vulnerability exists in authorization flow of OpenShift Container Platform versions: openshift-online-3, openshift-enterprise-3.4 through 3.7 and openshift-enterprise-3.9 through 3.11....

CWE-792019

CVE-2020-4691

MEDIUM
CVSS:4.6(Medium)

IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...

CWE-792020

CVE-2020-7301

MEDIUM
CVSS:4.6(Medium)

Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated attackers to trigger alerts via the file upload tab in the DLP case managemen...

CWE-792020