CVE-2009-2913

Cross-site scripting XSS vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2006-6687

Cross-site scripting XSS vulnerability in Web Automated Perl Portal WebAPP 0.9.9.4, and 0.9.9.3.4 Network Edition NE aka WebAPP.NET, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtaine...

CVE-2008-0180

Cross-site scripting XSS vulnerability in themes/unstyled/templates/init.vm in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Greeting field in a User Profile...

GHSA-6P8W-PC35-MQV8 [clickstorm] SEO (cs_seo) TYPO3 extension Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in the clickstorm SEO csseo TYPO3 extension allows backend users to execute arbitrary script via the JSON-LD output...

CVE-2025-32999

Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary...

CVE-2025-32999

CVE-2025-32999 : The vulnerability affects a-blog cms prior to version 3.1.43 and prior to 3.0.47. It is a cross-site scripting issue in a specific field of the entry editing screen that requires contributor or higher privileges to exploit. If exploited, an arbitrary script may execute in the web...

CVE-2024-51106

CVE-2024-51106 → A cross-site scripting (XSS) vulnerability in PHPGURUKUL Medical Card Generation System v1.0, in the mcgs/admin/aboutus.php component, allows injecting a crafted payload via the pagetitle parameter. Affected: PHPGURUKUL Medical Card Generation System (PHP/MySQL, v1.0). Root cause...

CVE-2024-51106

A cross-site scripting XSS vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter...

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

CVE-2025-29689

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...

CVE-2025-29688

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...

JetBrains TeamCity Diagnostics Data Directory Cross-Site Scripting Vulnerability

This vulnerability allows remote attackers to execute arbitrary script on affected installations of JetBrains TeamCity. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the handling of filenames in the diagnostics functionality. The issue results...

Cross-site Scripting (XSS)

Overview org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting malicious content...

libreoffice security update

An update is available for libreoffice. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list LibreOffice is an open source, community-developed office productivity...

Wiesemann & Theis Web-IO 跨站脚本漏洞

Wiesemann & Theis Web-IO is a Wiesemann & Theis component for small to medium-sized remote IO and monitoring applications over TCP/IP Ethernet. A cross-site scripting vulnerability exists in Wiesemann & Theis Web-IO that originates from a configuration web page where multiple fields can be inject...

CVE-2025-45236

A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...

yelp: Arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment...

CVE-2025-45236

Affected product: DBSyncer v2.0.6. Vulnerability: stored cross-site scripting (XSS) in the Edit Profile feature via the Nickname parameter. Root cause: mishandling of the Nickname field enabling injection of arbitrary web scripts/HTML. Impact: attackers can execute scripts or HTML in the context ...