2179 matches found
Open eClass 跨站脚本漏洞
Open eClass is an e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xpected cross-site scripting, which could lead to the execution of malicious JavaScript...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2026-1513
CVE-2026-1513 affects billboard.js prior to 3.18.0, enabling cross-site scripting via improper sanitization during chart option binding. Multiple sources (Red Hat, OSV, Snyk) confirm an XSS risk in the affected library. Remediation: upgrade billboard.js to 3.18.0-next.2 or higher (per OSV/Snyk gu...
EUVD-2026-4915
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
billboard.js security vulnerability
billboard.js is a reusable and easy-to-use JavaScript chart library developed by NAVER based on D3.js. Versions of billboard.js prior to 3.18.0 contained a security vulnerability. This vulnerability stemmed from improper cleanup during the binding of chart options, which could allow for the...
100-days-challenge-day-30-XSS-attacks
100-days-challenge-day-30-XSS-attacks XSS attacks demonstrate...
CVE-2020-36932
SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...
CVE-2021-47892
PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...
CVE-2021-47841
CVE-2021-47841 affects SnipCommand 0.1.0. The issue is a cross-site scripting vulnerability in command snippets that allows an attacker to inject malicious payloads and execute arbitrary code by embedding JavaScript that triggers remote command execution via file or title inputs. Sources across N...
PT-2026-3221
Name of the Vulnerable Software and Affected Versions lucy-xss-filter versions prior to commit e5826c0 Description The software contains a flaw where an attacker can execute malicious JavaScript. This is due to improper sanitization resulting from misconfigured default superset rule files...
PT-2026-3296
SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...
Lucy-XSS security vulnerability
Lucy-XSS is a cross-site scripting protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability, which stems from improper configuration of the default super-set rule file, leading to inadequate cleanup and potentially allowing malicious JavaScript to be executed...
Cotonti Siena security vulnerabilities
Cotonti Siena is a powerful open-source web development framework and content manager developed by Cotonti. Version 0.9.19 of Cotonti Siena contains a security vulnerability. This vulnerability stems from the site title parameters in the administrator configuration panel, which contain stored...
PT-2026-3178
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...
CVE-2021-41951
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpresssso/pages/index.php via the wordpressuser parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...
CVE-2019-20151
An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrators. A malicious payload can be injected within the Multi Approval security component and inserted via the Note...
CVE-2023-45815
ArchiveBox is an open source self-hosted web archiving system. Any users who are using the wget extractor and view the content it outputs. The impact is potentially severe if you are logged in to the ArchiveBox admin site in the same browser session and view an archived malicious page designed to...
CVE-2022-23053
Openmct versions 1.3.0 to 1.7.7 are vulnerable against stored XSS via the “Condition Widget” element, that allows the injection of malicious JavaScript into the ‘URL’ field. This issue affects: nasa openmct 1.7.7 version and prior versions; 1.3.0 version and later versions...