5 matches found
CVE-2026-27964 FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation
FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie ...
CVE-2025-51662
FileCodeBox contains a stored XSS in the text sharing feature for versions ≤ 2.2 due to insufficient input validation. Attackers can inject JavaScript into shared codeboxes, and the payload executes in users’ browsers when they access the infected codebox via a link or shared code. Connected advi...
CVE-2025-60507
CVE-2025-60507 describes a cross-site scripting vulnerability in Moodle GeniAI plugin (local_geniai) version 2.3.6. An authenticated user with the Teacher role can upload a PDF containing embedded JavaScript. The system outputs a direct HTML link to the uploaded file without sanitization, enablin...
CVE-2025-55104 BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.
A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user, attacker-supplied JavaScript may execute ...
CVE-2021-30111
A stored XSS vulnerability exists in Web-School ERP V 5.0 via Add Events in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed...