
559 matches found

Veracode
added 2025/12/13 6:16 a.m., 5 views

Cross Site Scripting (XSS)

code16/sharp is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper input validation and output encoding in src/Form/Fields/SharpFormUploadField.php, which allows an attacker to inject and execute arbitrary malicious scripts in a victim’s browser...

6.1 CVSS | 6.8 AI score | 0.00296 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
CVE
added 2025/12/11 4:5 a.m., 34 views

CVE-2025-8405

GitLab CE/EE is vulnerable to an authenticated user performing unauthorized actions on behalf of others by injecting malicious HTML into vulnerability code flow displays. Affected versions are 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2. GitLab has remediated this with patch re...

7.7 CVSS | 6.3 AI score | 0.00486 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2025/11/13 12:0 a.m., 10 views

Siemens SIMATIC S7-1500 Improper Encoding or Escaping of Output (CVE-2022-25235)

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

9.8 CVSS | 6.8 AI score | 0.04915 EPSS
Exploits: 0 | References: 5
RedhatCVE
added 2025/11/07 1:46 p.m., 4 views

CVE-2025-5770

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1 CVSS | 6 AI score | 0.00176 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/07 12:0 a.m., 3 views

PT-2025-45497

Name of the Vulnerable Software and Affected Versions Sourcecodester Medicine Reminder App version 1.0 Description The application is susceptible to Cross-Site Scripting XSS. An attacker can inject potentially malicious HTML/JavaScript code into the "Medicine Name" and "Notes Optional" fields whe...

6.6 AI score | 0.00192 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2025/11/07 12:0 a.m., 5 views

PT-2025-45503

Name of the Vulnerable Software and Affected Versions TechStore version 1.0 Description TechStore version 1.0 is susceptible to Cross Site Scripting XSS. The issue occurs in the /search results API endpoint through the q parameter. An attacker could potentially inject malicious scripts into the w...

6.2 AI score | 0.00182 EPSS
Exploits: 1 | References: 5
OSV
added 2025/11/05 8:15 p.m., 4 views

CVE-2025-10853

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

6.1 CVSS | 5.7 AI score
Exploits: 0 | References: 1
Cvelist
added 2025/11/05 7:21 p.m., 7 views

CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2 CVSS | 0.00168 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/05 7:21 p.m., 4 views

EUVD-2025-37927

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2 CVSS | 5.3 AI score | 0.00168 EPSS
Exploits: 0 | References: 3
Vulnrichment
added 2025/11/05 7:21 p.m., 10 views

CVE-2025-10853 Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding

A reflected cross-site scripting XSS vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the response, leading to reflected XSS. Successful...

5.2 CVSS | 5.4 AI score | 0.00168 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/05 7:21 p.m., 15 views

CVE-2025-10853

Summary: CVE-2025-10853 is a reflected XSS vulnerability in the management console of multiple WSO2 products caused by improper output encoding. The issue allows a malicious actor to tamper with specific parameters to inject arbitrary JavaScript into responses, potentially leading to UI manipulat...

6.1 CVSS | 5.4 AI score | 0.00168 EPSS
Exploits: 0 | References: 1 | Affected Software: 9
Cvelist
added 2025/11/05 7:2 p.m., 8 views

CVE-2025-5770 Reflected Cross-Site Scripting (XSS) in Authentication Endpoints of Multiple WSO2 Products

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1 CVSS | 0.00176 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/05 7:2 p.m., 4 views

EUVD-2025-37921

A reflected cross-site scripting XSS vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which are reflected back in the response, enabling...

6.1 CVSS | 5.6 AI score | 0.00176 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/05 12:0 a.m., 5 views

PT-2025-45157

Name of the Vulnerable Software and Affected Versions WSO2 products affected versions not specified Description A reflected cross-site scripting XSS issue exists in the authentication endpoints of WSO2 products because of insufficient output encoding. An attacker can inject JavaScript payloads in...

6.1 CVSS | 5.7 AI score | 0.00176 EPSS
Exploits: 0 | References: 5
Positive Technologies
added 2025/11/03 12:0 a.m., 3 views

PT-2025-44774

Name of the Vulnerable Software and Affected Versions Water Management System version 1.0 Description Water Management System version 1.0 is susceptible to Cross Site Scripting XSS attacks. The issue is located in the /add customer.php endpoint. The vulnerability allows attackers to inject...

6.1 CVSS | 6.1 AI score | 0.00232 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2025/10/31 12:0 a.m., 5 views

PT-2025-44632

Name of the Vulnerable Software and Affected Versions BEO GmbH BEO Atlas Einfuhr Ausfuhr version 3.0 Description A reflected cross-site scripting XSS issue exists in BEO GmbH BEO Atlas Einfuhr Ausfuhr 3.0. This allows attackers to execute arbitrary code within a user’s browser. Exploitation occur...

6.1 CVSS | 6.5 AI score | 0.0019 EPSS
Exploits: 0 | References: 5
NVD
added 2025/10/30 10:15 p.m., 3 views

CVE-2018-25122

Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...

8.8 CVSS | 0.01397 EPSS
Exploits: 0 | References: 2
CVE
added 2025/10/30 9:37 p.m., 8 views

CVE-2018-25122

Nagios XI

8.8 CVSS | 8.2 AI score | 0.01397 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2025/10/28 12:3 p.m., 4 views

Cross-site Scripting

com.liferay.account.admin.web is vulnerable to Cross-Site Scripting. The vulnerability is due to insufficient input validation and improper output encoding due to the Account "Name" text field. This allows an attacker to inject a crafted payload into that field which is stored and later rendered...

5.4 CVSS | 6.4 AI score | 0.00193 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Positive Technologies
added 2025/10/27 12:0 a.m., 2 views

PT-2025-43999

Name of the Vulnerable Software and Affected Versions Rubikon Banking Solution version 4.0.3 Description A reflected cross-site scripting issue exists in the "Search For Customers Information" endpoints of Rubikon Banking Solution. This allows for the injection of malicious scripts through...

5.4 CVSS | 6.4 AI score | 0.00141 EPSS
Exploits: 0 | References: 3