14 matches found
CVE-2026-6824
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...
CVE-2026-33862
A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application does not properly encode or filter...
PT-2026-39988
A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application does not properly encode or filter...
CVE-2026-24672 Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields
The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2025-13739
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
hudaallah Linker CMS 1.0 Cross Site Scripting
Title: hudaallah Linker CMS v1.0 Xss Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit |...
PT-2022-11720 · Unknown · Chikista Patient Management
Name of the Vulnerable Software and Affected Versions: Chikista Patient Management Software version 2.0.2 Description: A Cross Site Scripting (XSS) issue exists in the first name parameter in several pages, including "patient/insert", "patient report", "appointment report", "visit report", and "bil...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS), which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user's account through the stolen cookie. PoC php 1. Login as Admin 2. Go to Syst...
GamePress <= 1.1.0 - Reflected Cross-Site Scripting
The plugin does not escape the opedit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues PoC Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms...
CVE-2020-16941
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page. To take advantage of...
PT-2020-4316 · Microsoft · Sharepoint Foundation +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: An information disclosure issue...
CVE-2017-17478
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code up to 64 characters into a text field in Designer Studio, after establishing context. Designer Studio is the...
Comersus 5.098 XSS Vulnerable
Comersus Shopping Cart 5.098 XSS Vulnerability. Vulnerable Systems: Comersus Cart Version 5.098. Comersus is an open source shopping cart. I found a few XSS vulnerabilities: Pages Affected: /comersus/store/comersusmessage.asp...
XSS Vulnerabilities in Alan Ward Acart
Vulnerability: XSS Vulnerabilities in msg Description: XSS (Cross Site Scripting) vulnerabilities exist in the msg parameter passed in the URL to many pages. This can be used to run arbitrary code on the website, or redirect to some other malicious script. These pages include: deliver.asp error.asp...