89895 matches found
CVE-2026-56317
Nuxt is affected by CVE-2026-56317: a cross-site scripting flaw in the NoScript component present in Nuxt < 4.4.7 (and 3.x
osTicket < 1.10.2 - Cross-Site Scripting
Cross-site scripting XSS vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter. id: CVE-2018-7192 info: name: osTicket 1.10.2 - Cross-Site Scripting author: ritikchaddha severity:...
Rukovoditel <= 2.7.2 - Cross Site Scripting
A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. id: CVE-2020-35984 info: name: Rukovoditel = 2.7.2 - Cross Site...
SuperWebMailer 9.00.0.01710 - Cross-Site Scripting
An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...
WordPress Stop User Enumeration <=1.3.7 - Cross-Site Scripting
WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. id: CVE-2017-18536 info: name: WordPress Stop User Enumeration =1.3.7 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 an...
AppServ Open Project <=2.5.10 - Cross-Site Scripting
AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. id: CVE-2008-2398 info: name: AppServ Open Project =2.5.11 or apply the necessary security patches...
Cherokee HTTPD <=0.5 - Cross-Site Scripting
Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. id: CVE-2006-1681 info:...
SPIP <3.1.2 - Cross-Site Scripting
SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in validerxml.php which allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action. id: CVE-2016-7981 info: name: SPIP 3.1.2 - Cross-Site Scripting author: pikpikcu severity:...
Rukovoditel <= 3.2.1 - Cross-Site Scripting
A stored cross-site scripting XSS vulnerability in the Global Lists feature /index.php?module=globallists/lists of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". id:...
Spotweb <= 1.5.1 - Cross Site Scripting (Reflected)
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. id: CVE-2021-40969 info: name: Spotweb = 1.5.1 - Cross Site Scripting Reflected author: theamanrawat...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...
Rukovoditel <= 3.2.1 - Cross Site Scripting
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Nam...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Global Variables feature /index.php?module=globalvars/vars of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking "Create". id:...
H3C SSL VPN <=2022-07-10 - Cross-Site Scripting
H3C SSL VPN 2022-07-10 and prior contains a cookie-based cross-site scripting vulnerability in wnm/login/login.json svpnlang. id: CVE-2022-35416 info: name: H3C SSL VPN =2022-07-10 - Cross-Site Scripting author: 0x240x23elu severity: medium description: | H3C SSL VPN 2022-07-10 and prior contains...
Rukovoditel <= 3.2.1 - Cross Site Scripting
A stored cross-site scripting XSS vulnerability in the Global Lists feature /index.php?module=globallists/lists of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add". id:...
Atmail 6.5.0 - Cross-Site Scripting
Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter to the default URI, which allows remote attackers to inject arbitrary web script or HTML via the “format” parameter. id: CVE-2021-43574 info: name: Atmail 6.5.0 - Cross-Site Scripting...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. id: CVE-2021-40970 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...
Reprise License Manager 14.2 - Cross-Site Scripting
Reprise License Manager 14.2 contains a cross-site scripting vulnerability in the /goform/activateprocess "count" parameter via GET. id: CVE-2021-45422 info: name: Reprise License Manager 14.2 - Cross-Site Scripting author: edoardottt severity: medium description: | Reprise License Manager 14.2...
Spotweb <= 1.5.1 - Cross Site Scripting
Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. id: CVE-2021-40972 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity: medi...