
441 matches found

NVD
added 2 days ago, 7 views

CVE-2026-10567

A security vulnerability has been detected in 1Panel-dev CordysCRM up to 1.4.1. This impacts the function Save of the file src/main/java/cn/cordys/crm/system/service/ModuleFormService.java of the component ModuleFormController. The manipulation of the argument Description leads to cross site...

CVSS 5.1, EPSS 0.00043
Exploits: 0, References: 9
NVD
added 2026/05/16 4:16 p.m., 7 views

CVE-2020-37237

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

CVSS 6.4, EPSS 0.00034
Exploits: 0, References: 4
EUVD
added 2026/05/16 3:26 p.m., 8 views

EUVD-2021-34836

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...

CVSS 5.4, AI score 5.9, EPSS 0.00031
Exploits: 0, References: 4
CVE
added 2026/05/16 3:25 p.m., 9 views

CVE-2020-37237

Summary: CVE-2020-37237 affects Composr CMS 10.0.34. A persistent cross-site scripting (XSS) flaw exists in the banner management interface, enabling authenticated administrators to inject scripts via the Description field in Add banner. Payloads executed for all visitors when they access the ho...

CVSS 6.4, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 4
Vulnrichment
added 2026/05/16 3:25 p.m., 5 views

CVE-2020-37237 Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

CVSS 6.4, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 4
EUVD
added 2026/05/16 3:25 p.m., 5 views

EUVD-2020-31241

Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner...

CVSS 6.4, AI score 5.7, EPSS 0.00034
Exploits: 0, References: 4
NVD
added 2026/05/11 8:25 p.m., 5 views

CVE-2026-42870

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving t...

CVSS 6.4, EPSS 0.00062
Exploits: 0, References: 1
EUVD
added 2026/05/11 6:32 p.m., 4 views

EUVD-2026-29185

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profilefuncionario.php?idfuncionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving t...

CVSS 6.4, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:0 a.m., 8 views

PT-2026-39735

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a Stored Cross-Site Scripting (XSS) flaw was identified at the following endpoint: funcionario/profile funcionario.php?id funcionario=2. By injecting a malicious payload into the 'Description' (Descrição) field and saving...

CVSS 6.4, AI score 5.8, EPSS 0.00062
Exploits: 0, References: 2
CNNVD
added 2026/05/11 12:0 a.m., 3 views

WeGIA cross-site scripting vulnerability

WeGIA is a web manager for welfare institutions developed by Nilson Lazarin. Versions of WeGIA prior to 3.7.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Description field in the funcionario/profilefuncionario.php endpoint not being cleaned properly, which...

CVSS 6.4, AI score 5.6, EPSS 0.00062
Exploits: 0, References: 1
CNNVD
added 2026/04/25 12:0 a.m., 4 views

BDCOM P3310D cross-site scripting vulnerability

The BDCOM P3310D is an Ethernet switch device designed for access layer networks by the BDCOM company in China. The version BDCOM P3310D 0.4.2 10.1.0F Build 86345 contains a cross-site scripting vulnerability. This vulnerability stems from the operation of the Description parameter in the rmon...

CVSS 4.8, AI score 5.6, EPSS 0.0001
Exploits: 0, References: 2
Cvelist
added 2026/04/13 6:10 p.m., 13 views

CVE-2026-40038 Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters

Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...

CVSS 7.2, EPSS 0.00037
Exploits: 1, References: 2
CNNVD
added 2026/04/07 12:0 a.m., 2 views

ChurchCRM SQL injection vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of values for the Name and Description fields in the PropertyTypeEditor.php file, which could lead ...

CVSS 8.1, AI score 5.9, EPSS 0.00033
Exploits: 0, References: 1
Github Security Blog
added 2026/04/06 6:33 p.m., 5 views

Feehi CMS has authenticated stored cross-site scripting (XSS) vulnerabilities via the Permissions module

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...

CVSS 5.4, AI score 6, EPSS 0.00029
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2026/04/06 12:0 a.m., 24 views

CVE-2026-31354

Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allow attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Group, Category or Description parameters...

EPSS 0.00029
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/04 7:41 a.m., 4 views

CVE-2025-15064

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user description field in all versions up to, and including, 2.11.1 due to insufficient input sanitization a...

CVSS 6.4, AI score 6.1, EPSS 0.00012
Exploits: 0, References: 3
EUVD
added 2026/04/02 9:30 a.m., 3 views

EUVD-2026-18139

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

CVSS 5.1, AI score 4.5, EPSS 0.00036
Exploits: 0, References: 6
Cvelist
added 2026/03/26 9:13 p.m., 18 views

CVE-2026-33664 Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3, EPSS 0.00062
Exploits: 1, References: 1
CNNVD
added 2026/03/26 12:0 a.m., 3 views

Invoice Ninja security vulnerability

Invoice Ninja is an open-source application developed by Invoice Ninja, with features for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a security vulnerability. This vulnerability stems from the project description field bypassing the XSS rejection...

CVSS 5.4, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 3
Snyk
added 2026/03/24 10:30 p.m., 4 views

Cross-site Scripting (XSS)

Overview @orpc/openapi is a Affected versions of this package are vulnerable to Cross-site Scripting XSS in the generation of OpenAPI documentation. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious payloads into controllable fields within th...

CVSS 8.3, AI score 5.9, EPSS 0.00018
Exploits: 1, References: 2