15 matches found
CVE-2025-40894
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. If the system is configured to use the Alert...
PT-2025-54419
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the...
CVE-2025-62297
SOPlanning is vulnerable to Stored XSS in the /projets endpoint. A malicious attacker with medium privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when opening the edited page. This issue was fixed in version 1.55...
CVE-2025-62729
CVE-2025-62729 affects SOPlanning with a Stored XSS in the /status endpoint. An authenticated attacker can inject arbitrary HTML/JS that is rendered for multiple pages. Root cause described in connected Red Hat/ENISA/NVD entries; fixed in version 1.55. CVSS metrics indicate MEDIUM severity (3.1: ...
Open Solution QuickCMS Cross-Site Scripting Vulnerability
Open Solution QuickCMS is an Open Solution open source content management system. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from the presence of multiple stored cross-site scripts in the page editor functionality, which could lead to the...
EUVD-2004-1971
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via a "Rich Text" field in an object. An attacker can execute arbitrary web scripts or inject HTML by submitting a crafted payload. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an...
CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in password recovery emails in versions befo...
Tenable Security Center Security Breach
Tenable Security Center is a security center from Tenable USA. A security vulnerability exists in Tenable Security Center that stems from the presence of a stored cross-site scripting vulnerability that could allow an authenticated, remote attacker to inject HTML code into a web application scan...
BIT-MYBB-2022-43707
MyBB 1.8.31 has a Cross-site scripting (XSS) vulnerability in the visual MyCode editor (SCEditor) that allows remote attackers to inject HTML via user input or stored data...
SolarWinds Platform Cross-Site Scripting Vulnerability
SolarWinds Platform is a unified monitoring, observability, and service management platform from US-based SolarWinds, Inc. A security vulnerability exists in SolarWinds Platform, which can be exploited by remote attackers to inject HTML by appending URL parameters...
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another...
CVE-2022-41789
Cross-site Scripting (XSS) vulnerability in BlueSpiceDiscovery skin of BlueSpice allows logged in user with edit permissions to inject arbitrary HTML into the default page header of a wikipage...
CVE-2020-6535
Insufficient data validation in WebUI in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had compromised the renderer process to inject scripts or HTML into a privileged page via a crafted HTML page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header...