Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the referer and FORWARDURL parameters. An attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious payloads using encoded characters and a null-byte %00 in these...

CVE-2025-9225

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

EHCP Easy Hosting Control Panel 安全漏洞

EHCP Easy Hosting Control Panel is an open source web hosting control panel from EHCP. A security vulnerability exists in EHCP Easy Hosting Control Panel version 20.04.1.b. The vulnerability stems from a reflective cross-site scripting vulnerability in the action parameter of the List MySQL...

CVE-2025-55106

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in th...

Esri Portal for ArcGIS Enterprise Sites 跨站脚本漏洞

Esri Portal for ArcGIS Enterprise Sites is a geographic information portal publishing software from Esri, Inc. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS Enterprise Sites, which stems from a stored cross-site scripting vulnerability that could lead to the execution of...

CVE-2025-9225

CVE-2025-9225 affects MiR software prior to 3.0.0 in MiR Robots and MiR Fleet. The issue is a stored cross-site scripting (XSS) in the web interface, enabling execution of arbitrary JavaScript in a victim’s browser. Root cause details are not elaborated beyond the XSS attribution in multiple sour...

WellChoose Organization Portal System Cross-Site Scripting Vulnerability (CNVD-2025-19588)

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a cross-site scripting vulnerability that originates from the application's lack of effective filtering and escaping of...

CVE-2025-51488

A Stored Cross-Site Scripting XSS vulnerability exists in MoonShine version 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-53631 flaskBlog XSS Vulnerability in postContent

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution XSS on all pages the post is reflected on including /, /post/ID, /admin/posts, and /user/ID of the user...

FlaskBlog 跨站脚本漏洞

FlaskBlog is a simple blogging application built using Flask by Doğukan Ürker, an individual developer. A cross-site scripting vulnerability exists in flaskBlog 2.8.1 and earlier versions, which stems from improper postContent cleanup and could lead to arbitrary JavaScript execution...

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

CVE-2025-45314

CVE-2025-45314 describes an XSS in hortusfox-web v4.4 affecting the /Calendar endpoint, where a crafted payload injected into the add function allows arbitrary JavaScript execution in a user’s browser. The vulnerability is evidenced across multiple sources in the connected documents, including Re...

CVE-2025-45313

A cross-site scripting XSS vulnerability in the /tasks endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the title parameter...

WellChoose Organization Portal System 跨站脚本漏洞

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. A cross-site scripting vulnerability exists in the WellChoose Organization Portal System that can be exploited by an attacker to execute arbitrary JavaScript code in a user's browser...

CVE-2025-45314

A cross-site scripting XSS vulnerability in the /Calendar endpoint of hortusfox-web v4.4 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the add function...

CVE-2025-51531

A reflected cross-site scripting XSS vulnerability in Sage DPW 202412004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that th...

CVE-2012-10032

Maxthon3 before version 3.3 is vulnerable to cross-context scripting (XCS) via the about:history page. The trusted zone may execute injected script content with privileged context, enabling modification of browser configuration and execution of arbitrary code through Maxthon’s exposed DOM APIs (e...

CVE-2025-51569

A cross-site scripting XSS vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U1406 router's web interface. The /goform/goformgetcmdprocess endpoint fails to sanitize user input in the cmd parameter before reflecting it into a text/html response. This allows unauthenticated attackers to...

GHSA-MVJ3-HC7J-VP74 Microweber has Reflected XSS Vulnerability in the layout Parameter

Reflected Cross-Site Scripting XSS in Microweber CMS 2.0 via the layout parameter on the /admin/page/create page allows arbitrary JavaScript execution in the context of authenticated admin users...