100 matches found

RedhatCVE
added 2025/05/22 5:34 p.m. | 3 views

CVE-2020-9520

A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe versions prior to 4.0.7. The vulnerability could allow a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled...

CVSS 5.4 | AI score 6 | EPSS 0.00203
Exploits 1 | References 1
CVE
added 2025/05/12 11:36 a.m. | 44 views

CVE-2025-40627

CVE-2025-40627 affects AbanteCart v1.4.0. It describes a Reflected Cross‑Site Scripting (XSS) vulnerability in the /eyes? endpoint that lets an attacker deliver JavaScript to a victim’s browser, potentially stealing session cookies or acting on behalf of the user. The vulnerability is documented ...

CVSS 6.1 | AI score 5.6 | EPSS 0.00167
Exploits 0 | References 1 | Affected Software 1
RedhatCVE
added 2025/03/22 1:16 p.m. | 5 views

CVE-2024-12374

A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript...

CVSS 6.1 | AI score 5.7 | EPSS 0.00314
Exploits 1 | References 1
RedhatCVE
added 2025/03/22 12:15 a.m. | 7 views

CVE-2024-48591

Inflectra SpiraTeam 7.2.00 is vulnerable to Cross Site Scripting (XSS). A specially crafted SVG file can be uploaded that will render and execute JavaScript upon direct viewing...

CVSS 6.1 | AI score 6.6 | EPSS 0.00412
Exploits 0 | References 1
CVE
added 2025/03/20 12:0 a.m. | 57 views

CVE-2024-48591

CVE-2024-48591 affects Inflectra SpiraTeam 7.2.00. The vulnerability is a Cross Site Scripting (XSS) flaw where uploading a specially crafted SVG file can be viewed to render and execute JavaScript in the user’s browser. The CVSS 3.1 base score is 6.1 (MEDIUM): Network attack vector, low attack c...

CVSS 6.1 | AI score 6.6 | EPSS 0.00412
Exploits 0 | References 1 | Affected Software 1
RedHat Linux
added 2025/02/10 1:29 a.m. | 3 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

CVSS 5.4 | AI score 7.4 | EPSS 0.29275
Exploits 0 | References 6
OSV
added 2025/02/04 2:15 p.m. | 0 views

UBUNTU-CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

CVSS 5.4 | AI score 6.9 | EPSS 0.29275
Exploits 0 | References 6
Veracode
added 2024/10/08 7:1 a.m. | 5 views

Cross Site Scripting (XSS)

sulu/sulu is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a low privileged user with access to the “Media” section being able to upload an SVG file with a malicious payload, allowing an attacker to execute malicious JavaScript in the browsers of other users, including admin...

CVSS 5.4 | AI score 6.4 | EPSS 0.01613
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2024/10/04 12:0 a.m. | 1 view

Esri Portal For ArcGIS Cross-Site Scripting Vulnerability

Esri Portal For ArcGIS is a component from Environmental Systems Research Institute (Esri) that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...

CVSS 5.4 | AI score 6.3 | EPSS 0.02701
Exploits 0 | References 3
Vulnrichment
added 2024/09/19 4:35 p.m. | 18 views

CVE-2024-8652 Netcat CMS: reflected cross-site scripting in openstat module

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit a specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and o...

CVSS 5.9 | AI score 7.5 | EPSS 0.00166
Exploits 0 | References 1
Vulnrichment
added 2024/05/13 4:5 p.m. | 8 views

CVE-2023-50717 NocoDB Allows Preview of File with Dangerous Content

NocoDB is software for building databases as spreadsheets. Starting in version 0.202.6 and prior to version 0.202.10, an attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a stored cross-site scripting attack...

CVSS 5.7 | AI score 6.1 | EPSS 0.0085
Exploits 1 | References 1
OSV
added 2024/04/04 6:15 p.m. | 2 views

CVE-2024-25708

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Web App Builder versions 10.9.1 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s...

CVSS 4.8 | AI score 6
Exploits 0 | References 1
Positive Technologies
added 2024/03/28 12:0 a.m. | 3 views

PT-2024-20038 · Unknown · Com.Kamivision.Yismart

Name of the Vulnerable Software and Affected Versions: com.kamivision.yismart application through 1.0.0 20231219 for Android

Description: The issue allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component...

CVSS 8.4 | AI score 7.5 | EPSS 0.0116
Exploits 0 | References 5
Prion
added 2024/02/20 6:15 p.m. | 19 views

Cross site scripting

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to...

CVSS 5.5 | AI score 6.3 | EPSS 0.01538
Exploits 0 | References 2
CNNVD
added 2023/12/27 12:0 a.m. | 2 views

TCL BrowseHere Security Breach

Tcl Communication TCL BrowseHere is a video playback browser with a sophisticated interface from TCL Communication China. A security vulnerability exists in TCL BrowseHere version 6.65.022dab24cc6231221gp, which originates from a vulnerability that allows remote attackers to execute arbitrary...

CVSS 9.8 | AI score 7.5 | EPSS 0.01382
Exploits 1 | References 2
OSV
added 2023/12/15 11:15 a.m. | 2 views

CVE-2023-47064

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1
Cvelist
added 2023/10/04 3:2 a.m. | 11 views

CVE-2023-30736

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required...

CVSS 4.4 | AI score 5.9 | EPSS 0.00097
Exploits 0 | References 1
OSV
added 2023/07/21 12:15 a.m. | 1 view

CVE-2023-25835

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to create a crafted link that is persisted within the site configuration. When accessed by a victim, the...

CVSS 8.4 | AI score 5.9
Exploits 0 | References 1
NVD
added 2023/05/26 10:15 p.m. | 15 views

CVE-2023-21515

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

CVSS 8.8 | AI score 7.9 | EPSS 0.00244
Exploits 0 | References 1
Cvelist
added 2023/05/26 12:0 a.m. | 14 views

CVE-2023-21514

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...

CVSS 7.5 | AI score 9 | EPSS 0.0018
Exploits 0 | References 1