CVE-2022-43384

IBM Aspera Console 3.4.0 through 3.4.2 PL5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 23864...

CVE-2021-25982

In Factor App Framework & Headless CMS forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

CVE-2021-38927

IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322...

CVE-2021-29388

A stored cross-site scripting XSS vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'...

CVE-2021-45224

An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious UR...

CVE-2021-24545

The WP HTML Author Bio WordPress plugin through 1.2.0 does not sanitise the HTML allowed in the Bio of users, allowing them to use malicious JavaScript code, which will be executed when anyone visit a post in the frontend made by such user. As a result, user with a role as low as author could...

CVE-2021-36603

Cross Site Scripting XSS in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1"...

CVE-2021-30862

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVE-2021-21803

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVE-2021-1748

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVE-2021-46875

An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file...

CVE-2021-44916

Opmantek Open-AudIT Community 4.2.0 Fixed in 4.3.0 is affected by a Cross Site Scripting XSS vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser...

CVE-2021-45822

A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code...

CVE-2021-40637

OS4ED openSIS 8.0 is affected by cross-site scripting XSS in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user...

CVE-2021-3395

A cross-site scripting XSS vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. The JavaScript code will execute when someone visits the attachment...

CVE-2021-30113

A blind XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attack...

CVE-2021-24468

The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to exploit stored XSS issues...

CVE-2021-23934

OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code...

CVE-2021-23935

OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code...

CVE-2020-25798

A stored cross-site scripting XSS vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the...