CVE-2019-25502 Simple Job Script Cross-Site Scripting via job_type_value Parameter

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the jobtypevalue parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Switch Language block. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts through this component. Details Cross-site scripting or XSS is a code...

Simplejobscript 跨站脚本漏洞

Simplejobscript is a free web development software open source by Niteosoft. Simplejobscript has a cross-site scripting vulnerability; this vulnerability stems from the jobtypevalue parameter having cross-site scripting capabilities, which may allow unverified attackers to inject malicious script...

PT-2026-23102

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.9 Description SiYuan, a personal knowledge management system, contains a reflected cross-site scripting XSS issue in the dynamic icon API endpoint. The vulnerability occurs when the type parameter is set to 8,...

CVE-2026-26272

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting XSS vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload...

Cross-site Scripting (XSS)

Overview wagtail is an open source content management system built on Django. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the wagtail.contrib.simpletranslation module. A user with access to the admin area can execute arbitrary JavaScript code in the context of...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14354)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the outgoing.cgi endpoint in the MACHINE and MACHINECOMMENT parameters of the user-supplied data lack of effective...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14338)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . A cross-site scripting vulnerability exists in Smoothwall Express. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the SRCIP, DESTIP, or COMMENT parameters...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14290)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the iptools.cgi endpoint IP parameters of the user-supplied data lack of effective filtering and escaping , an...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14285)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the NTPSERVER parameter of the time.cgi...

Smoothwall Express Cross-Site Scripting Vulnerability (CNVD-2026-14287)

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...

GHSA-PRJF-86W9-MFQV Angular i18n vulnerable to Cross-Site Scripting

A Cross-site Scripting XSS vulnerability has been identified in the Angular internationalization i18n pipeline. In ICU messages International Components for Unicode, HTML from translated content was not properly sanitized and could execute arbitrary JavaScript. Angular i18n typically involves thr...

CVE-2026-24351

PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. The vendor was notified early about this vulnerability, but didn't respond with...

Omega-PSIR 跨站脚本漏洞

Omega-PSIR is a comprehensive scientific information management system operated by Politechnika Warszawska. Omega-PSIR has a cross-site scripting vulnerability, which stems from the reflective cross-site scripting present in the lang parameter. This vulnerability could allow attackers to execute...

CVE-2026-25734

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the RSE metadata of the WebUI where...

CVE-2026-25733

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting XSS vulnerability in the Custom Rules function of the WebUI where...

CVE-2026-27616

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as...

GHSA-62CR-6WP5-Q43H Copyparty vulnerable to reflected XSS via setck parameter

Summary An XSS allows for reflected cross-site scripting via URL-parameter ?setck=... Details A reflected cross-site scripting XSS vulnerability could allow an attacker to execute malicious javascript by tricking users into accessing a malicious link. The worst-case outcome of this is being able ...

CVE-2026-27902

A cross-site scripting XSS vulnerability was found in Svelte’s server-side rendering SSR error handling. Error messages returned from the transformError function were not properly escaped before being embedded into HTML output within hydration markers. If an application returns attacker-controlle...

CVE-2026-27970

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Versions prior to 21.2.0, 21.1.16, 20.3.17, and 19.2.19 have a cross-Site scripting vulnerability in the Angular internationalization i18n pipeline. In ICU messages...