CVE-2023-24497

Cross-site scripting xss vulnerabilities exist in the requestHandlers.js detaildevice functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploite...

CVE-2023-24031

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure...

CVE-2023-2332

A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVE-2022-40182

A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...

CVE-2021-29388

A stored cross-site scripting XSS vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'...

CVE-2020-8115

A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver = 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older version...

CVE-2020-15036

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter...

CVE-2020-15030

NeDi 1.9C is vulnerable to cross-site scripting XSS attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter...

CVE-2020-14071

An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code...

CVE-2017-9298

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code...

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Zimbra Collaboration contains a cross-site scripting XSS vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript...

CVE-2025-40631

HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on page load. The user must interact with a malicious link to be redirected...

CVE-2025-28073

phpList before 3.6.15 is vulnerable to Reflected Cross-Site Scripting XSS via the /lists/dl.php endpoint. An attacker can inject arbitrary JavaScript code by manipulating the id parameter, which is improperly sanitized...

CVE-2025-45007

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter...

CVE-2025-45007

CVE-2025-45007 affects PHPGurukul Timetable Generator System v1.0, via the profile.php file. The vulnerability is a reflected Cross-Site Scripting (XSS) where the adminname parameter in a POST request can cause arbitrary JavaScript execution. Impact is consistent with a reflected XSS allowing scr...

GHSA-P5G4-V748-6FH8 tarteaucitron.js allows url scheme injection via unfiltered inputs

A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL validation was insufficient, which could allow arbitrary JavaScript...

CVE-2024-9107 Stored XSS in gaizhenbiao/chuanhuchatgpt

A stored cross-site scripting XSS vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code...

CVE-2024-48761

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...

Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05075)

Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...

CVE-2024-5888

There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...