CVE-2025-45880

A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2025-45878

CVE-2025-45878 is an XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6. The issue allows an attacker to cause arbitrary HTML to execute in the context of a user’s browser via a crafted payload. The provided metrics indicate a CVSS v3.1 base score of 6.1 (MEDIUM), with n...

CVE-2025-45879

CVE-2025-45879 describes a cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 . The issue allows an attacker to execute arbitrary HTML in a user’s browser via a crafted payload. The available metrics indicate a CVSS v3.1 base score of 6.1 (Medium) ...

CVE-2025-45880

A cross-site scripting XSS vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

PT-2025-25738 · Unknown · Miliaris Amigdala

Name of the Vulnerable Software and Affected Versions: Miliaris Amigdala version 2.2.6 Description: A cross-site scripting XSS issue in the data resource management function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. Recommendations: For...

PT-2025-25740 · Unknown · Miliaris Amigdala

Name of the Vulnerable Software and Affected Versions: Miliaris Amigdala version 2.2.6 Description: A cross-site scripting XSS issue in the report manager function allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload. Recommendations: For Miliaris...

CVE-2025-45880

CVE-2025-45880 is confirmed with public sources detailing a cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6. The issue allows an attacker to execute arbitrary HTML in a user’s browser via a crafted payload. The CVSS 3.1 base score is 6...

CVE-2025-45878

A cross-site scripting XSS vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...

CVE-2024-25436

A cross-site scripting XSS vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function...

CVE-2024-24807

Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones...

CVE-2024-4424

The access control in CemiPark software does not properly validate user-entered data, which allows the stored cross-site scripting XSS attack. The parameters used to enter data into the system do not have appropriate validation, which makes possible to smuggle in HTML/JavaScript code. This code...

CVE-2024-42818

A cross-site scripting XSS vulnerability in the Config-Create function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter...

CVE-2023-37135

A stored cross-site scripting XSS vulnerability in the Image Upload module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2022-39197

An XSS Cross Site Scripting vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the...

CVE-2020-23037

Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

CVE-2020-20597

A cross-site scripting XSS vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML...

CVE-2020-21494

A cross-site scripting XSS vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0...

CVE-2020-21495

A cross-site scripting XSS vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter...

CVE-2020-27735

An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...

CVE-2019-6992

A stored-self XSS exists in web/skins/classic/views/controlcaps.php of ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in a vulnerable field via a long NAME or PROTOCOL to the index.php?view=controlcaps URI...