CVE-2021-47973

Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger ...

CVE-2021-47971

My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350000 repeated characters and paste it twice into a new note to trigger an...

CVE-2021-47970

Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger application crash...

CVE-2021-47969

Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long character strings into note fields. Attackers can generate a payload containing 350,000 repeated characters and paste it twice into a new note to cause the...

PT-2026-41457

Name of the Vulnerable Software and Affected Versions My Notes Safe version 5.3 Description A denial of service issue allows attackers to crash the application by pasting excessively long character strings into note fields. This is triggered when a payload containing 350,000 repeated characters i...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

PT-2026-28709

Name of the Vulnerable Software and Affected Versions QDOCS Smart School Management System versions up to 7.2 Description A cross site scripting issue exists in QDOCS Smart School Management System. The issue is located in the Admission Enquiry Module, specifically within the /admin/enquiry file...

CVE-2019-20151

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrators. A malicious payload can be injected within the Multi Approval security component and inserted via the Note...

CVE-2025-60933

CVE-2025-60933 affects HR Performance Solutions Performance Pro v3.19.17. The vulnerability is stored XSS in the Future Goals function, allowing an attacker to inject arbitrary web scripts/HTML via crafted payloads into Goal Name, Goal Notes, Action Step Name, Action Step Description, Note Name, ...

EUVD-2019-10706

Malware in sbrugna...

CVE-2025-56795

CVE-2025-56795 affects Mealie 3.0.1 and earlier, with a stored XSS in the recipe creation feature. Unsanitized input in the note/text fields of the path “/api/recipes/{recipe_name}” is rendered in the frontend without proper escaping, causing persistent XSS. Root cause: lack of input sanitization...

PT-2025-39839

Name of the Vulnerable Software and Affected Versions Mealie versions prior to 3.0.1 Description The software is susceptible to Cross-Site Scripting XSS within the recipe creation feature. User-provided data in the "note" and "text" fields is not adequately sanitized before being displayed on the...

CVE-2022-44947

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note fiel...

YznCMS 安全漏洞

YznCMS is a backend development framework. A cross-site scripting vulnerability exists in YznCMS version 1.4.2, which stems from the lack of effective filtering and escaping of user-supplied data in the component /index/index.html, and can be exploited by an attacker to execute arbitrary Web scri...

CVE-2022-44947

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypes&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

CVE-2022-44947

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypes&entitiesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

PT-2022-27346 · Unknown · Rukovoditel

Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting XSS issue was found in the Highlight Row feature at "/index.php?module=entities/listing types&entities id=24". This allows attackers to execute arbitrary web scripts or HTML...

Rukovoditel 跨站脚本漏洞

Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. Rukovoditel v3.2.1 version of a security vulnerability , the vulnerability stems from the Highlight Row...

Stored XSS in

Description Hello, I have found that an XSS payload has been executed in the name of note field, and I wanted to make a report about it, just please note that in the Occurrences I left it empty because I don't know anything about it, and please see the video attached in POC to know more about it...

GHSA-3264-65PG-5XM4 Dolibarr ERP and CRM HTML Injection

There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php...