
123 matches found

OSV
added 2025/09/23 12:15 p.m. | 1 view

CVE-2025-10244

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting XSS vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process...

CVSS 8.7 | AI score 6.1 | EPSS 0.00418
Exploits: 0 | References: 3

Cvelist
added 2025/09/23 11:31 a.m. | 7 views

CVE-2025-10244 HTML Payload Stored Cross-Site Scripting (XSS) Vulnerability

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting XSS vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process...

CVSS 8.7 | EPSS 0.00418
Exploits: 0 | References: 3

CVE
added 2025/09/23 11:31 a.m. | 34 views

CVE-2025-10244

CVE-2025-10244 affects Autodesk Fusion desktop app via a Stored Cross-site Scripting (XSS) condition triggered by a malicious HTML payload rendered by the application. The vulnerability can allow reading local files or executing arbitrary code in the context of the current process. Reported CVSSv...

CVSS 8.7 | AI score 5.9 | EPSS 0.00418
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/09/23 11:31 a.m. | 3 views

CVE-2025-10244 HTML Payload Stored Cross-Site Scripting (XSS) Vulnerability

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting XSS vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process...

CVSS 8.7 | AI score 5.9 | EPSS 0.00418
Exploits: 0 | References: 3

CVE
added 2025/08/22 12:0 a.m. | 16 views

CVE-2025-55620

CVE-2025-55620 describes an XSS in the Reolink mobile app/Web UI via the valuateJavascript() function in Reolink v4.54.0.4.20250526. The root cause is improper handling/sanitization of crafted payloads, allowing attackers to execute arbitrary web scripts or HTML when a user views or interacts wit...

CVSS 6.1 | AI score 5.6 | EPSS 0.00213
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2025/06/27 12:0 a.m. | 1 view

Notice Board System manage-notices.php file cross-site scripting vulnerability

Notice Board System is a bulletin board system. Notice Board System has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameters Title/Description in the file /admin/manage-notices.php, which can be...

CVSS 5.4 | AI score 4.4 | EPSS 0.00222
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 10:16 a.m. | 8 views

CVE-2024-32344

A cross-site scripting XSS vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit parameter under the Language section...

CVSS 6.8 | AI score 5.8 | EPSS 0.00528
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:48 a.m. | 9 views

CVE-2023-30096

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field...

CVSS 5.4 | AI score 5.5 | EPSS 0.00667
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:27 a.m. | 6 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update...

CVSS 6.1 | AI score 6.7 | EPSS 0.00463
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:2 a.m. | 2 views

CVE-2023-1787

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description...

CVSS 5.3 | AI score 6.7 | EPSS 0.00752
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:19 a.m. | 6 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

CVSS 6.1 | AI score 6.3 | EPSS 0.00436
Exploits: 4 | References: 1

RedhatCVE
added 2025/05/23 12:15 a.m. | 16 views

CVE-2022-44953

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...

CVSS 5.4 | AI score 6.1 | EPSS 0.00415
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 12:15 a.m. | 8 views

CVE-2022-46438

A cross-site scripting XSS vulnerability in the /admin/articlecategory.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter...

CVSS 5.4 | AI score 5.8 | EPSS 0.004
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:53 p.m. | 5 views

CVE-2022-46089

Cross Site Scripting XSS vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter...

CVSS 6.1 | AI score 6 | EPSS 0.00386
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:46 p.m. | 6 views

CVE-2022-45012

A cross-site scripting XSS vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field...

CVSS 4.8 | AI score 5.7 | EPSS 0.00493
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:43 p.m. | 9 views

CVE-2021-39421

A cross-site scripting XSS vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | AI score 5.8 | EPSS 0.00433
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 5:5 p.m. | 11 views

CVE-2020-20799

JeeCMS 1.0.1 contains a stored cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter...

CVSS 5.4 | AI score 5.6 | EPSS 0.00487
Exploits: 1

RedhatCVE
added 2025/05/22 5:0 p.m. | 8 views

CVE-2020-20977

A stored cross site scripting XSS vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section...

CVSS 5.4 | AI score 5.6 | EPSS 0.00503
Exploits: 1

RedhatCVE
added 2025/05/22 4:30 p.m. | 6 views

CVE-2020-23054

A cross-site scripting XSS vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field...

CVSS 6.1 | AI score 5.8 | EPSS 0.00716
Exploits: 1

RedhatCVE
added 2025/05/22 3:26 p.m. | 6 views

CVE-2020-23185

A stored cross site scripting XSS vulnerability in /administration/settingsecurity.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 | AI score 5.4 | EPSS 0.00447
Exploits: 1