73 matches found
CVE-2025-6024
The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...
EUVD-2026-34891
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...
CVE-2026-20059
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
CVE-2026-20090
A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could...
CVE-2026-20090
CVE-2026-20090 affects the web-based management interface of Cisco IMC. The root cause is insufficient validation of user input, enabling a stored XSS if a user with administrative access is coerced into clicking a crafted link. The vulnerability could allow an attacker with network access and ad...
PT-2026-23030
A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the SAML feature and access sensitive,...
CVE-2026-20111
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management...
CVE-2026-20047
Cisco ISE and ISE-PIC web management interfaces are affected by a cross-site scripting (XSS) vulnerability (CVE-2026-20047) due to insufficient validation of user-supplied input. An authenticated attacker with valid administrative credentials could inject malicious code into specific pages, allow...
SAP Business Connector cross-site scripting vulnerability
SAP Business Connector is a middleware from SAP, Germany. A cross-site scripting vulnerability exists in SAP Business Connector due to improper validation of user-supplied input in the PRTG Web Monitor web interface. An attacker could exploit the vulnerability to access or modify information with...
SUSE CVE-2016-11081
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser...
CVE-2025-20289
Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...
EUVD-2021-0125
Malware in sbrugna...
EUVD-2025-24208
Malicious code in bioql PyPI...
CVE-2025-7746
CVE-2025-7746 is a Cross-site Scripting (CWE-79) vulnerability in Schneider Electric ATV series (e.g., ATV340E, ATV6000/ATV6x, ATS490 Soft Starter, and related Altivar Drive/Module products). The root cause is improper neutralization of input during web page generation, allowing unvalidated data ...
CVE-2025-20330
A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the...
CVE-2025-42948
Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website's page generation, resultin...
CVE-2025-42948
CVE-2025-42948 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform. An unauthenticated attacker can generate a malicious link that becomes publicly accessible; when an authenticated user clicks it, the injected input is processed during page generation, enabling ex...
PT-2025-32608 · Sap · Sap Netweaver/Abap Platform
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Platform (affected versions not specified). Description: A Cross-Site Scripting (XSS) issue exists in SAP NetWeaver ABAP Platform. An unauthenticated attacker can create a malicious link and distribute it publicly. If an...
CVE-2024-20511
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...