CVE-2024-41504

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS. In the "Oportunidades" opportunities section of the application when creating or editing an "Atividade" activity, the form field "Descrico" allows injection of JavaScript...

CVE-2024-41960

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

CVE-2023-43718

Os Commerce is currently susceptible to a Cross-Site Scripting XSS vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCHENABLETITLE1" parameter, potentially leading to unauthorized execution of scripts within a user's web browser...

CVE-2023-50303

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333...

CVE-2023-40153

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload into the 'hostname' parameter of the vulnerable software...

CVE-2021-27930

Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated or compromised user to inject malicious JavaScript in folder/file name within the application in order to grab other users’ sessions or execute malicious code in their browsers 1-click RCE...

CVE-2021-31832

Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention DLP Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user...

CVE-2024-39735

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

CVE-2023-29515

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...

CVE-2023-29528

XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...

CVE-2021-41161

Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don't properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue...

CVE-2021-27914

A cross-site scripting XSS vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript...

CVE-2020-24897

The Table Filter and Charts for Confluence Server app before 5.3.25 for Atlassian Confluence allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting XSS through the provided Markdown markup to the "Table from CSV" macro...

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.navigate.history.push or ui.navigate.history.replace functions. An attacker can execute arbitrary JavaScript in the victim's...

CVE-2026-22232

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVE-2026-22232

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0...

OPEXUS eCASE

RISK EVALUATION OPEXUS eCASE Audit contains multiple vulnerabilities. An authenticated attacker could bypass authorization or inject JavaScript that could be executed in the context of other users. 2. RECOMMENDED PRACTICES Update to eCase Audit v11.14.2.0 and eCase Platform v11.14.1.0. 3...

CVE-2025-61550

CVE-2025-61550 affects edu Business Solutions Print Shop Pro WebDesk 18.34. The stored XSS occurs in ctl00_Content01_fieldValue parameters via /psp/appNet/TemplateOrder/TemplatePreview.aspx, where user input is stored and later rendered in HTML without proper output encoding or sanitization. This...

OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Project Setup function, which could lead to cross-site scripting attacks...

CVE-2019-7880

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript...