123 matches found

RedhatCVE
added 2025/05/22 3:20 p.m. | 7 views

CVE-2020-23208

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...

CVSS 5.4 | AI score 5.5 | EPSS 0.00551
Exploits: 1

RedhatCVE
added 2025/05/22 3:18 p.m. | 8 views

CVE-2020-20699

A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVSS 4.8 | AI score 5.8 | EPSS 0.00527
Exploits: 1

Vulnrichment
added 2025/05/06 8:1 a.m. | 10 views

CVE-2025-3020 Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting

A low-privileged remote attacker can execute arbitrary web scripts or HTML via a crafted payload injected into several fields of the configuration webpage with limited impact...

CVSS 5.4 | AI score 7.2 | EPSS 0.00232
Exploits: 0 | References: 1

RedhatCVE
added 2025/04/26 4:22 a.m. | 5 views

CVE-2024-53568

A stored cross-site scripting (XSS) vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...

CVSS 5.4 | AI score 5.5 | EPSS 0.00185
Exploits: 0 | References: 1

Vulnrichment
added 2025/04/21 12:0 a.m. | 7 views

CVE-2025-28102

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...

AI score 5.6 | EPSS 0.00205
Exploits: 1 | References: 2

Exploit DB
added 2025/04/09 12:0 a.m. | 270 views

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

Exploit Title: ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS) Date: 8-7-2024 Category: Web Application Exploit Author: Jeremia Geraldi Sihombing Version: 2.10.1 Tested on: Windows CVE: CVE-2024-39143 Description: A stored cross-site scripting (XSS) vulnerability exists in...

CVSS 5.4 | AI score 5.5 | EPSS 0.00928
Exploits: 3

RedhatCVE
added 2025/02/05 1:38 p.m. | 7 views

CVE-2020-26218

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0...

CVSS 8 | AI score 6.3 | EPSS 0.01912
Exploits: 0

Vulnrichment
added 2025/01/16 12:0 a.m. | 6 views

CVE-2024-57776

A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 4.7 | EPSS 0.00273
Exploits: 1 | References: 1

Veracode
added 2025/01/13 7:11 a.m. | 10 views

Cross-Site Scripting (XSS)

getgrav/grav is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper handling of user input, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | AI score 6.3 | EPSS 0.00364
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2024/11/15 3:15 p.m. | 7 views

CVE-2024-48068

A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | EPSS 0.00249
Exploits: 0 | References: 2

OSV
added 2024/10/17 7:15 p.m. | 5 views

CVE-2024-10099

A stored cross-site scripting (XSS) vulnerability exists in comfyanonymous/comfyui version 0.2.2 and possibly earlier. The vulnerability occurs when an attacker uploads an HTML file containing a malicious XSS payload via the /api/upload/image endpoint. The payload is executed when the file is viewe...

CVSS 6.1 | AI score 5.5
Exploits: 0 | References: 1

Friends Of PHP
added 2024/07/17 12:24 a.m. | 27 views

CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload

More info at https://www.silverstripe.org/download/security-releases/cve-2024-32981...

CVSS 5.4 | AI score 6.8 | EPSS 0.00346
Exploits: 0 | Affected Software: 1

CNVD
added 2024/07/05 12:0 a.m. | 4 views

ResidenceCMS Cross-Site Scripting Vulnerability

ResidenceCMS is a fast, lightweight property management system. A cross-site scripting vulnerability exists in ResidenceCMS version 2.10.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to create malicious...

CVSS 5.4 | AI score 5.7 | EPSS 0.00928
Exploits: 3 | References: 1

NVD
added 2024/07/02 2:15 p.m. | 12 views

CVE-2024-39143

A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload...

CVSS 5.4 | EPSS 0.00928
Exploits: 3 | References: 1

Vulnrichment
added 2024/07/02 12:0 a.m. | 9 views

CVE-2024-39143

A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload...

AI score 4.9 | EPSS 0.00928
Exploits: 3 | References: 1

CVE
added 2024/07/02 12:0 a.m. | 51 views

CVE-2024-39143

CVE-2024-39143 describes a stored cross-site scripting (XSS) vulnerability in ResidenceCMS 2.10.1. A low-privilege user can save malicious HTML in a property content field, which is then stored and rendered on secondary views, potentially triggering payloads (including when visited by an administ...

CVSS 5.4 | AI score 4.9 | EPSS 0.00928
Exploits: 3 | References: 1 | Affected Software: 1

NVD
added 2024/05/15 5:15 p.m. | 15 views

CVE-2024-27593

A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0...

CVSS 5.4 | AI score 5.3 | EPSS 0.00276
Exploits: 0 | References: 1

CNNVD
added 2024/04/17 12:0 a.m. | 2 views

BoidCMS Security Vulnerability

BoidCMS is a free open source flat file CMS for building simple websites and blogs, developed in PHP and using JSON as the database. A security vulnerability exists in BoidCMS version v2.1.0, which stems from the presence of a cross-site scripting (XSS) vulnerability that allows an attacker to...

CVSS 6.1 | AI score 5.8 | EPSS 0.00435
Exploits: 1 | References: 2

0day.today
added 2024/04/12 12:0 a.m. | 223 views

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect Vulnerabilities

Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities. Exploit Title: Multiple Web Flaws in concretecmsv9.2.7 Exploit Author: Andrey Stoykov Version: 9.2.7 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com...

AI score 6.5
Exploits: 0

ATTACKERKB
added 2024/03/07 2:15 a.m. | 4 views

CVE-2022-46089

Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.00386
Exploits: 0 | References: 2