17 matches found

ATTACKERKB
added 6 days ago | 9 views

CVE-2026-6824

A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators o...

CVSS 8.4 | AI score 5.7 | EPSS 0.00036
Exploits: 0 | References: 4 | Affected Software: 3

Cvelist
added 6 days ago | 30 views

CVE-2026-10058 ITP Technology|ITS Intelligent SCADA System - Stored Cross-Site Scripting

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

CVSS 4.8 | EPSS 0.00033
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/20 8:07 p.m. | 2 views

CVE-2026-9144

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

CVSS 8.4 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 3

Snyk
added 2026/03/31 11:45 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branding.name field on SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, includin...

CVSS 6.9 | AI score 6 | EPSS 0.0003
Exploits: 1 | References: 2

CVE
added 2026/03/15 6:34 p.m. | 3 views

CVE-2015-20113

CVE-2015-20113 affects RealtyScript 4.0.2 (Next Click Ventures). Connected sources confirm multiple vulnerabilities: cross-site request forgery (CSRF) and persistent cross-site scripting (XSS). The explorable impact described is that an attacker can craft a malicious page to trigger unauthorized ...

CVSS 6.9 | AI score 5.7 | EPSS 0.00039
Exploits: 2 | References: 3 | Affected Software: 1

Cvelist
added 2026/02/19 6:38 p.m. | 17 views

CVE-2026-27473 SPIP < 4.4.9 Stored Cross-Site Scripting via Syndicated Sites

SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The URLSYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other...

CVSS 6.4 | EPSS 0.00071
Exploits: 0 | References: 3

NVD
added 2026/02/19 1:16 p.m. | 2 views

CVE-2019-25421

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...

CVSS 6.1 | EPSS 0.00024
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/19 12:02 p.m. | 5 views

CVE-2019-25421 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via policyfw

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/19 12:00 a.m. | 0 views

PT-2026-20824

Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in...

CVSS 6.1 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 4

CNNVD
added 2026/02/15 12:00 a.m. | 3 views

Deciso OPNsense Cross-Site Scripting Vulnerability

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Deciso OPNsense version 19.1 contains a cross-site scripting vulnerability. This vulnerability stems from the tunable parameter in the systemadvancedsysctl.php endpoint,...

CVSS 6.4 | AI score 5.6 | EPSS 0.00037
Exploits: 1 | References: 4

OSV
added 2026/02/01 1:15 p.m. | 1 view

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 4

CVE
added 2026/01/21 5:27 p.m. | 4 views

CVE-2021-47858

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting (XSS) vulnerability in the start_addr field of the Security Management interface. The vulnerability allows injecting scripts that persist and execute for privileged users when they access the security management page. A P...

CVSS 7.2 | AI score 5 | EPSS 0.00052
Exploits: 0 | References: 3

EUVD
added 2025/10/23 1:51 p.m. | 1 view

EUVD-2025-35687

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | AI score 5.3 | EPSS 0.00051
Exploits: 0 | References: 3

CVE
added 2025/10/23 1:51 p.m. | 3 views

CVE-2025-1679

CVE-2025-1679 and CVE-2025-1680 concern Moxa Ethernet switches. CVE-2025-1679 is a stored Cross-site Scripting (XSS) in the device web interface: an authenticated admin can inject scripts that affect authenticated users, with impact on the subsequent system’s confidentiality and integrity but not...

CVSS 4.8 | AI score 5.4 | EPSS 0.00051
Exploits: 0 | References: 2

Cvelist
added 2025/10/23 1:51 p.m. | 4 views

CVE-2025-1679

Cross-site Scripting has been identified in Moxa’s Ethernet switches, which allows an authenticated administrative attacker to inject malicious scripts to an affected device’s web service that could impact authenticated users interacting with the device’s web interface. This vulnerability is...

CVSS 4.8 | EPSS 0.00051
Exploits: 0 | References: 2

OSV
added 2022/06/20 5:15 a.m. | 1 view

CVE-2017-20057

A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to addres...

CVSS 6.1 | AI score 4.5
Exploits: 0 | References: 2

CNVD
added 2018/06/21 12:00 a.m. | 2 views

Magento application-side validation and bypass vulnerabilities

Magento is an open source e-commerce web application. An authentication and bypass vulnerability exists on the Magento application side, allowing remote attackers to bypass the authentication process of major magento tier 1 applications and execute malicious persistent scripts within them...

AI score 7.4
Exploits: 0 | References: 1