CVE-2019-7934

A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with...

CVE-2019-7927

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript...

CVE-2019-7877

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript...

CVE-2019-7937

A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript...

CVE-2019-12843

A possible stored JavaScript injection requiring a deliberate server administrator action was detected. The issue was fixed in JetBrains TeamCity 2018.2.3...

CVE-2006-3108

Cross-site scripting XSS vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter...

CVE-2019-12834

In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATHINFO to the dashboards/ URI...

CVE-2020-36905

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

CVE-2020-36905

CVE-2020-36905 affects FIBARO System Home Center 5.021. A remote file inclusion vulnerability exists in the undocumented proxy API that allows an attacker to include arbitrary client-side scripts by abusing the GET parameter “url,” enabling injection of malicious JavaScript and potentially hijack...

CVE-2020-36905 FIBARO System Home Center 5.021 Remote File Inclusion via Proxy API

FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...

PT-2026-1133

Name of the Vulnerable Software and Affected Versions listmonk versions prior to 6.0.0 Description listmonk is a self-hosted newsletter and mailing list manager. A user with campaign management permissions, but lower privileges, can inject malicious JavaScript into campaigns or templates. When a...

CVE-2025-15355

ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks...

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVE-2021-47732

CMSimple 5.2 is affected by a stored cross-site scripting (XSS) vulnerability in the Filebrowser external input field. The issue allows an attacker to inject unfiltered JavaScript that executes when a user clicks the Page or Files tabs, enabling persistent script injection. Affected product/versi...

Stored XSS

Overview Affected versions of this package are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the...

CVE-2025-66580

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

CVE-2023-53939

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

CVE-2023-53911

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...