CVE-2006-0215

Cross-site scripting XSS vulnerability in admin.php in QualityEBiz Quality PPC QPPC 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216...

CVE-2009-2078

Multiple cross-site scripting XSS vulnerabilities in Booktree 5.x before 5.x-7.3 and 6.x before 6.x-1.1, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the 1 node title and 2 node body in a tree root page...

CVE-2005-2386

Cross-site scripting XSS vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVE-2002-2377

Cross-site scripting XSS vulnerability in addentry.cgi in ZAP 1.0.3 allows remote attackers to inject arbitrary SSi directives, web script, and HTML via the entry field...

CVE-2002-2318

Cross-site scripting XSS vulnerability in Falcon web server 2.0.0.1009 through 2.0.0.1021 allows remote attackers to inject arbitrary web script or HTML via the URI, which is inserted into 301 error messages and executed by 404 error messages...

CVE-2009-2913

Cross-site scripting XSS vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-6687

Cross-site scripting XSS vulnerability in Web Automated Perl Portal WebAPP 0.9.9.4, and 0.9.9.3.4 Network Edition NE aka WebAPP.NET, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtaine...

CVE-2008-0180

Cross-site scripting XSS vulnerability in themes/unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile...

(0Day) Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack o...

CVE-2025-1773

The Traveler theme for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

CVE-2024-11376

CVE-2024-11376 : Affected software is the WordPress plugin “s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions”. The vulnerability is a Reflected Cross-Site Scripting (XSS) due to the use of add_query_arg without proper escaping, reported...

CVE-2024-11328

CVE-2024-11328 affects the CLUEVO LMS, a WordPress plugin, in versions up to and including 1.13.2. The issue is Reflected Cross-Site Scripting caused by using add_query_arg and remove_query_arg without proper escaping on the URL. Information from Red Hat and Wordfence confirms the vulnerability, ...

CVE-2024-12338

The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘websitetoolboxusername’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacker...

WordPress plugin Social Media Shortcodes 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...

Veritas Enterprise Vault HTMLView Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute web requests with the target user's privileges on affected installations of Veritas Enterprise Vault. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

WordPress plugin NiceJob 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

Beauty Parlour Management System Cross-Site Scripting Vulnerability (CNVD-2025-20923)

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a cross-site scripting vulnerability, which originates from a cross-site scripting vulnerability in...

WordPress plugin mFolio Lite 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PHPGurukul Beauty Parlour Management System 安全漏洞

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a cross-site scripting vulnerability, which originates from a cross-site scripting vulnerability in...

CVE-2024-9206

The MAS Companies For WP Job Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.0.13. This makes it possible for unauthenticated attackers to inject arbitrary we...