EUVD-2020-31236

NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news addition interface. Attackers can inject JavaScript payloads via the title field in the admin panel that...

PT-2026-36156

Multiple authenticated cross-site scripting XSS vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream or getReader functions...

Exploit for CVE-2025-14893

CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS...

CVE-2026-31350

An authenticated stored cross-site scripting XSS vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parameter...

WordPress MinhNhut Link Gateway plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode Attributes vulnerability discovered by san6051 - PWC in WordPress Plugin MinhNhut Link Gateway versions = 3.6.1...

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

CVE-2025-59897

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

CVE-2025-59899

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

CVE-2025-59897 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

CVE-2025-59897 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

CVE-2025-59896 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server

Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting XSS vulnerability. An attacker could send malicious content to an authenticated user and steal information from their session due to insufficient validation of user...

CVE-2025-68928

Frappe CRM suffers an authenticated XSS in the web-site field due to unsanitized crafted URLs prior to v1.56.2. Impact described as cross-site scripting; upgrade to v1.56.2 fixes the issue. No workarounds are documented. Exploitation status is not provided in the available sources.

CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field

Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing cross-site scripting. Version 1.56.2 fixes the issue. No known workarounds are available...

CVE-2025-36746 SolarEdge Monitoring Platform contains a XSS upon report deletion

SolarEdge monitoring platform contains a Cross‑Site Scripting XSS flaw that allows an authenticated user to inject payloads into report names, which may execute in a victim’s browser during a deletion attempt...

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-multiple-vulns-O9BESWJH)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interfac...

EUVD-2022-25092

Malicious code in bioql PyPI...

CVE-2025-41052

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/canvasjs...

CVE-2025-55288

Genealogy is a family tree PHP application. Prior to 4.4.0, Authenticated Reflected Cross-Site Scripting XSS vulnerability was identified in the Genealogy application. Authenticated attackers could run arbitrary JavaScript in another user’s session, leading to session hijacking, data theft, and U...

Linux Distros Unpatched Vulnerability : CVE-2025-4439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed...

CVE-2021-24593

The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message" setting when outputting it in the backend and frontend, leading to an Authenticated Stored Cross-Site Scripting issue...