12 matches found
EUVD-2019-20167
Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...
EUVD-2026-26745
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses, combined with insufficient output...
CVE-2026-27614
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...
CVE-2026-27473 SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...
CVE-2021-47808
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
Code-Projects Online Music Site SQL Injection Vulnerability
Code-Projects Online Music Site is an online music site from Code-Projects open source. Code-Projects Online Music Site version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file /Administrator/PHP/AdminViewSongs.php, which could...
CVE-2023-53918 PodcastGenerator Stored Cross-Site Scripting via Episode Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...
Cacti Cross-Site Scripting Vulnerability
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. Cacti suffers from a cross-site scripting vulnerability that originates fro...
Design/Logic Flaw
An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information...
CVE-2020-22481
An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information...
PT-2018-15163 · Cuppacms · Cuppacms
Name of the Vulnerable Software and Affected Versions: CuppaCMS affected versions not specified Description: The issue is related to a Cross-Site Scripting (XSS) attack. It occurs when an SVG document is uploaded to the administrator//component/table manager/view/cu views URI, allowing malicious...
Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting
Title: Pizza Inn Registration Stored XSS Severity: High CVE-ID: CVE-2014-6619 Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please use website contact form...