CVE-2025-20353 Cisco Catalyst Center Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user input. An...

Cross-site Scripting (XSS)

Overview Bit.Boilerplate is an At bitplatform, we've curated a comprehensive toolkit to empower you in crafting the finest projects using Blazor. Diverging from others merely offering UI Toolkits, bit BlazorUI components distinguishes itself with over 80 components, with a compact size of under 4...

HP Integrated Lights-Out HTML Injection (CVE-2013-4842)

Cross-site scripting XSS vulnerability in HP Integrated Lights-Out 4 iLO4 with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

WordPress Doliconnect plugin cross-site scripting vulnerability

WordPress Doliconnect plugin is a WordPress plugin that is mainly used to connect ERP systems such as Dolibarr with WordPress websites for data synchronization and functional integration. WordPress Doliconnect plugin suffers from a cross-site scripting vulnerability that stems from the...

CVE-2025-20304

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVE-2025-61994

Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web browser of a victim user who accesses the page...

CVE-2025-11987

The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

WordPress K Elements plugin cross-site scripting vulnerability

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

CVE-2016-15054

CVE-2016-15054 is rejected/not used and does not represent an active vulnerability entry.

WordPress plugin kallyas 跨站脚本漏洞

WordPress kallyas plugin is a website builder designed for WordPress that offers theme and plugin functionality. WordPress kallyas plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can b...

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

CVE-2025-62264

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2024-13992 Nagios XI < 2024R1.1 XSS via Missing Page / 404

Nagios XI versions prior to 2024R1.1 is vulnerable to a cross-site scripting XSS when a user visits the "missing page" 404 page after following a link from another website. The vulnerable component, page-missing.php, fails to properly validate or escape user-supplied input, allowing an attacker t...

EUVD-2018-21610

Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting XSS via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

WordPress Plugin K Elements 安全漏洞

WordPress K Elements plugin is an extension to the Elementor page builder that provides preset templates, advanced widgets, and customization features to help users quickly create responsive websites. A cross-site scripting vulnerability exists in WordPress K Elements plugin, which stems from the...

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27636)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the REMOTELOGADDR parameter of the...

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2025-27446)

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

CVE-2022-50588

Nagios XI versions prior to 5.8.9 are vulnerable to cross-site scripting XSS in the update checking feature. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2021-47690

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities in Overlay modals. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the conte...

CVE-2021-47691

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...