6892 matches found
CVE-2002-1852
Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl...
CVE-2009-2893
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the xzcaly parameter...
CVE-2006-6536
Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-1080
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID 19033...
CVE-2007-0437
Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp i...
BIT-DOLIBARR-2020-7994
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the (2) nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3)...
Rafed CMS security vulnerability
Rafed CMS is a blogging system from Rafed Inc. A security vulnerability exists in Rafed CMS version 1.44, which stems from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary web script or HTML via a specially crafted payload...
IBM Control Center Cross-Site Scripting Vulnerability
IBM Control Center is a centralized monitoring and management system from International Business Machines (IBM). A cross-site scripting vulnerability exists in IBM Control Center versions 6.2.1 through 6.3.1, which stems from improper validation of the HOST header input, and can be exploited by an...
CVE-2025-27585
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update...
CVE-2024-3729
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'feaencrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can ...
CVE-2025-22997
The CVE-2025-22997 entry concerns a stored XSS in Linksys E5600 Router (up to version 1.1.0.26) via the PRF_Table_content component, where a crafted payload in the desc parameter can execute arbitrary scripts. Affected product: Linksys E5600 Router (firmware 1.1.0.26 and earlier). Root cause: lac...
WordPress plugin Hash Elements cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Hash...
GHSA-PX38-239G-X5MG Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2024-53279
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to read or write specific files containing non-sensiti...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-45898)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2024-48933
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.19.3 allows remote attackers to inject arbitrary web script or HTML into the login page via a username if userControl has been set to a non-default value that allows special HTML characters...
CVE-2024-41515
A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "resurl" parameter...
CVE-2024-47854
CVE-2024-47854 describes a reflected XSS vulnerability in Veritas Data Insight before 7.1. The issue allows a remote attacker to inject arbitrary web script into an HTTP request, which could be reflected to an authenticated user if executed, due to insufficient sanitization. Affected software: Ve...
CVE-2024-47854
An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user...
CVE-2024-41516
CVE-2024-41516 is a reflected XSS in CADClick