cross-site scripting

Microsoft published CVE-2026-45465 on June 9, 2026, describing an Important-rated Microsoft SharePoint Server spoofing vulnerability in supported on-premises SharePoint Server editions, caused by cross-site scripting and fixed through security updates for Subscription Edition, SharePoint Server...

Microsoft disclosed CVE-2026-45468 on June 9, 2026, as an Important-rated Microsoft SharePoint Server spoofing vulnerability caused by cross-site scripting, affecting SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016, with security updates...

Siemens and CISA warned on May 12 and May 14, 2026, respectively, that the web server in a broad set of SIMATIC S7 PLCs contains three cross-site scripting vulnerabilities affecting S7-1500, ET 200SP, Drive Controller, Software Controller, SIPLUS, and PLCSIM Advanced products. The flaw class is...

Schneider Electric’s Modicon PLC family is back in the spotlight with a web-facing cross-site scripting issue that affects M241, M251, M258, and LMC058 controllers, and the remediation path is straightforward but operationally significant: update firmware, harden the webserver, and reduce...

Microsoft has assigned CVE‑2026‑21512 to a cross‑site scripting (XSS) vulnerability affecting Azure DevOps Server, and while the vendor entry confirms the issue exists, public technical details remain deliberately limited—leaving administrators with a clear remediation imperative but with...

A critical Cross‑Site Scripting (XSS) flaw was assigned CVE‑2024‑6485 after researchers discovered that Bootstrap’s legacy Button plugin improperly handles the data-loading-text / data-*-text attributes, allowing attacker‑controlled HTML (including script) to be rendered when a button enters its...

Automated Logic’s WebCTRL Premium Server has been confirmed vulnerable to an open redirect and a cross‑site scripting (XSS) flaw — tracked as CVE‑2024‑8527 and CVE‑2024‑8528 — that together can be abused to phish operators, deliver malicious scripts into administrator browsers, and form...

Rockwell Automation has published fixes for two high‑impact vulnerabilities in FactoryTalk DataMosaix Private Cloud — an MFA bypass that can produce a valid login token without a password (CVE‑2025‑11084) and a persistent cross‑site scripting flaw that can enable account takeover or credential...

Microsoft has published a high‑severity advisory for CVE‑2025‑55321: a cross‑site scripting (CWE‑79) flaw in Azure Monitor Log Analytics that can be abused by a privileged user to inject and render attacker‑controlled content in the Azure Monitor web UI, enabling spoofing of telemetry...

Below is a plain‑language, technical, and operational writeup you can use to brief engineers, SOC, and leadership about CVE‑2025‑53728 (Microsoft Dynamics 365 — on‑premises) and what to do next. I’ve cited the vendor advisory you provided and independent sources where available, and I’ve...

Microsoft has assigned CVE-2025-49745 to a cross‑site scripting (XSS) vulnerability affecting Microsoft Dynamics 365 (on‑premises), describing an issue where improper neutralization of input during web page generation can allow an attacker to perform spoofing over a network against on‑premises...

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued nine advisories addressing critical vulnerabilities in various Industrial Control Systems (ICS). These advisories highlight potential risks that could significantly impact industrial operations across sectors such as...

In a significant move to bolster system security, Microsoft has announced that starting with Windows 11 version 24H2, the legacy JScript engine will be replaced by JScript9Legacy as the default scripting engine. This transition aims to address longstanding vulnerabilities associated with the...

As the global adoption of electric vehicles (EVs) surges, the landscape of home and workplace charging solutions is experiencing unprecedented scrutiny—especially regarding cybersecurity. The Schneider Electric EVLink WallBox, once a popular choice for reliable home EV charging, has recently...

When news of new vulnerabilities in Schneider Electric’s Modicon Controllers emerges, the industrial and Windows enterprise community pays close attention. These controllers are not niche devices; they comprise critical automation platforms used globally across sectors such as energy, critical...

In an era where both critical infrastructure and enterprise applications increasingly rely on interconnected data streams, the security of embedded widgets—once considered a minor element—has taken on profound significance. The recent disclosure of a severe cross-site scripting (XSS)...

When critical infrastructure and industrial environments are at stake, the resilience of software components interconnecting data pipelines is non-negotiable. The AVEVA PI Connector for CygNet is a keystone for organizations that rely on seamless, secure OT-IT integration, especially within...

Siemens RUGGEDCOM APE1808 Cross-Site Scripting Vulnerability: Critical Insights for Industrial and ICS Defenders Cybersecurity in industrial environments has never been more consequential, particularly as the line between operational technology (OT) and information technology (IT) continues to...

Industrial infrastructures rely on real-time insights, unfettered data flows, and the seamless orchestration of diverse operational technologies. Few platforms are as pivotal in this ecosystem as AVEVA’s PI Web API, a powerful portal that bridges operational data with enterprise applications and...

The Nuance Digital Engagement Platform (NDEP) has recently been identified as vulnerable to a cross-site scripting (XSS) flaw, cataloged as CVE-2025-47977. This vulnerability allows authorized attackers to perform spoofing attacks over a network by exploiting improper neutralization of input...