CVE-2022-30533

Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors...

Prison Management System 跨站脚本漏洞

Prison Management System is a prison management system from Carlo Montero's personal developer. version 1.0 of Prison Management System contains a cross-site scripting vulnerability that could be exploited to inject arbitrary html and script code into a website...

GHSA-C8J6-GQQ8-4PRJ Alkacon OpenCMS XSS via New User module

Alkacon OpenCMS v10.5.4 and before is affected by stored cross site scripting XSS in the module New User /opencms/system/workplace/admin/accounts/usernew.jsp. This allows an attacker to insert arbitrary JavaScript as user input First Name or Last Name, which will be executed whenever the affected...

Cross-site Scripting (XSS)

Overview web-tp3/wecmap is a WEC Google Maps. Affected versions of this package are vulnerable to Cross-site Scripting XSS via unspecified vectors. An attacker can inject arbitrary web script or HTML by crafting malicious input. Details Cross-site scripting or XSS is a code vulnerability that...

GHSA-74C7-R9M3-HVJ4 Dolibarr cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the 1 CompanyName, 2 CompanyAddress, 3 CompanyZip, 4 CompanyTown, 5 Fax, 6 EMail, 7 Web, 8 ManagingDirectors, 9 Note, 10 Capital, 11 ProfId1, 12...

Withdrawn Advisory: Apache Struts XSS

Withdrawn Advisory This advisory has been withdrawn because it was deemed invalid. This link is maintained to preserve external references. Original Description Multiple cross-site scripting XSS vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML...

Jenkins allows Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...

YUI Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML...

GHSA-G4FC-J79Q-GJRH Alkacon OpenCms XSS via username during login

Cross-site scripting XSS vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page...

CVE-2022-27436

A cross-site scripting XSS vulnerability in /public/admin/index.php?adduser at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username text field...

CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier allows a remote attacker to inject an arbitrary script via a malicious URL...

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability

A cross-site scripting XSS vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML...

CVE-2022-25305

The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...

CVE-2022-22868

Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting XSS vulnerability, that allows attackers to inject arbitrary script via name parameters...

CVE-2022-0181

Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20800

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-41467

Cross-site scripting XSS vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVE-2021-20770

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20766

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors...