CVE-2025-45806

A cross-site scripting XSS vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

OpenUI Cross-Site Scripting Vulnerability

OpenUI is an open source UI program. A cross-site scripting vulnerability exists in OpenUI 1.0 and earlier versions. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the file frontend/public/annotator/index.html, which can be exploited by an...

CVE-2026-5899

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-20052

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVE-2026-27787

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

PT-2026-31084

Name of the Vulnerable Software and Affected Versions MATCHA SNS versions prior to 1.4.0 Description A cross-site scripting issue exists. Successful exploitation could allow an attacker to execute arbitrary scripts in a user's web browser when they access the website. Recommendations Update to...

PT-2026-31288

Name of the Vulnerable Software and Affected Versions Robo Gallery versions through 5.1.3 Description The Robo Gallery plugin for WordPress is susceptible to Stored Cross-Site Scripting via the 'Loading Label' setting. The plugin utilizes a custom |...| marker pattern within its fixJsFunction...

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Page Sign parameter

An authenticated stored cross-site scripting XSS vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter...

Cross-site Scripting (XSS)

Overview feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Name parameter in the Category module. An attacker can execute arbitrary web scripts or HTML by injecting a crafted payload. Details Cross-site scripting or XSS...

WordPress plugin ElementsKit Elementor Addons and Templates 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin ElementsKit Elementor Addon...

CVE-2025-10551

A Stored Cross-site Scripting XSS vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

EUVD-2026-17096

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addcategory.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HT...

PT-2026-28409

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Inventory System 1.0 in in the view purchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2026-32901

Affected software: OpenClaw prior to version 2026.3.2. Vulnerability type: semantic drift in node system.run approval hardening that rewrites wrapper argv, enabling execution of unintended local scripts when an attacker can influence argv and place malicious files in the approved working director...

EUVD-2024-55494

A Cross-Site Scripting XSS vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions...

PT-2026-26813

The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2016-20032

ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holidayname' and 'memo' POST parameters. Attackers can submit crafted requests with script code i...

CVE-2015-20114

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...