7596 matches found
CVE-2022-27627
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser...
CVE-2022-27496
Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2019-12581
A reflective Cross-site scripting XSS vulnerability in the freetimefailed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter...
CVE-2026-21451 Bagisto has HTML Filter Bypass that Enables Stored XSS
Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting XSS vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform normally attempts to sanitize tags, the filtering can be bypassed by manipulating the raw HTTP POST...
CVE-2025-45286
CVE-2025-45286 : A cross-site scripting (XSS) vulnerability affects the Go-based web framework/application mccutchen httpbin version 2.17.1 . The issue allows an attacker to inject arbitrary web scripts or HTML via a crafted payload. According to the CVE metadata, the attack vector is network-bas...
WordPress Review Disclaimer plugin cross-site scripting vulnerability
The WordPress Review Disclaimer plugin is a tool for quickly inserting product or service review disclaimers on WordPress websites. The WordPress Review Disclaimer plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...
WordPress Draft Notify plugin cross-site scripting vulnerability
WordPress Draft Notify plugin is a WordPress plugin for managing draft notifications on your WordPress site. The WordPress Draft Notify plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which...
Kentico Xperience HTML Injection Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...
Kentico Xperience cross-site scripting vulnerability (CNVD-2026-04266)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
Kentico Xperience Rich Text Editor Component Cross-Site Scripting Vulnerability
Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...
Kentico Xperience Cross-Site Scripting Vulnerability (CNVD-2026-05121)
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted payload...
CVE-2025-14499 IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability
IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
EUVD-2025-204594
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...
CVE-2023-53925
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...
Cross-site Scripting (XSS)
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the function handler in the Vega AST evaluator. An attacker can execute arbitrary scripts in the...
PT-2025-52303
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
CVE-2023-36337
A reflected cross-site scripting XSS vulnerability in the component /index.php/cuzh4 of PHP Inventory Management System 1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Local File Inclusion (LFI)
PrivateBin is vulnerable to Local File Inclusion LFI. The vulnerability is due to improper validation of the template cookie in the template-switching feature, which allows an attacker to include arbitrary PHP files and potentially read sensitive data or achieve remote code execution...
EUVD-2025-203027
Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...