212 matches found
PT-2025-21283 · Unknown · Phpgurukul Vehicle Record Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue concerns a Cross Site Scripting XSS vulnerability. It affects the /edit-brand.php endpoint, specifically when the bid parameter, represented as brandId, is used...
CVE-2025-30315
Summary: Adobe Connect versions ≤ 12.8 are vulnerable to a stored XSS in vulnerable form fields, allowing injected JavaScript to run in a victim’s browser when visiting the affected page. Impact (as stated): stored XSS with potential for script execution in the user context. Affected components: ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the collection, Wishlist, and album components. An attacker can escalate privileges by injecting malicious scripts. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker...
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to insufficient sanitization of user-supplied input in URLs, which allows attackers to inject malicious scripts that are reflected in the server’s response...
PT-2025-17888 · WordPress · Add Google +1 (Plus One) Social Share Button
Name of the Vulnerable Software and Affected Versions: Add Google +1 Plus one social share Button plugin for WordPress version 1.0.0 and earlier Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the google-plus-one-share-button page...
1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Description The 1 Decembrie 1918 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.dec.2012. This is due to missing or incorrect nonce validation on the 1-decembrie-1918/1-decembrie-1918.php page. This makes it possible for unauthenticated...
Cross-site Scripting (XSS)
Overview wikimedia/parsoid is a bidirectional parser between wikitext and HTML5. Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper handling of Unicode normalization in the Action API. An attacker can manipulate script processing by injecting malicious...
PT-2025-14406 · Wbw · Product Table By Wbw
Name of the Vulnerable Software and Affected Versions: Product Table by WBW versions 2.1.4 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...
CVE-2025-28253
Cross-Site Scripting XSS vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $POST'sites', $POST'clients', and $POST'search' is passed into the MainWPUser::rendertable function. Despite using sanitizetextfield and...
CVE-2025-0183
A stored cross-site scripting XSS vulnerability exists in the Latex Proof-Reading Module of binary-husky/gptacademic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...
CVE-2024-10725
A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which are then executed in the context of other users who view the affected pages. The issue occurs when editing the NAT...
CVE-2024-10721
A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...
CVE-2024-10720
A stored cross-site scripting XSS vulnerability exists in phpipam/phpipam version 1.5.2. The vulnerability occurs in the 'Device Management' section under 'Administration' where an attacker can inject malicious scripts into the 'Name' and 'Description' fields when adding a new device type. This c...
CVE-2024-10721
The CVE-2024-10721 entry describes a stored XSS in phpIPAM (version 1.5.2) on the circuits options page, exploitable via crafted input to execute scripts in other users’ contexts. The root cause is insufficient input filtering/escaping on the circuits options page, allowing injection of Web scrip...
CVE-2024-10721 Store XSS in phpipam/phpipam
A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the application, which can be executed in the context of other users who view the affected page. The issue occurs in the circuits...
CVE-2024-10722
The CVE-2024-10722 entry concerns phpIPAM (phpipam/phpipam) version 1.5.2, with a stored XSS vulnerability in the Description field of custom fields under IP RELATED MANAGEMENT. The root cause is an input handling issue that allows injection of malicious scripts, leading to potential data theft, ...
CVE-2025-0192
CVE-2025-0192 describes a stored XSS in wandb/openui’s edit HTML functionality. The vulnerability allows injection of malicious scripts when modified HTML is shared with another user, potentially exposing prompt history and other sensitive data. Connected sources confirm the issue and its impact ...
CVE-2025-29782
WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting XSS vulnerability was identified in the adicionartipodocsatendido.php endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the tipo...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the rendering of web pages. An attacker can inject malicious scripts by submitting crafted input that is improperly sanitized before being included in the output HTML. Detai...
GHSA-6HRW-X7PR-4MP8 LF Edge eKuiper allows Stored XSS in Rules Functionality
Summary Stored Cross-Site Scripting XSS vulnerability allows attackers to inject malicious scripts into web applications, which can then be executed in the context of other users' browsers. This can lead to unauthorized access to sensitive information, session hijacking, and spreading of malware,...