343 matches found
CVE-2025-0618
CVE-2025-0618 affects Trellix Endpoint Security (HX) Server versions 10.0.2 and earlier. A specially crafted tamper protection event can trigger an unhandled exception in the HX service, causing a persistent denial of service that prevents processing of any further tamper protection events, even ...
TacJS - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-027
This module enables sites to comply with the European cookie law using tarteaucitron.js. The module doesn't sufficiently filter user-supplied markup inside of content leading to a persistent Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker needs...
CVE-2023-6452
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Web Security Transaction Viewer allows Stored XSS. The Forcepoint Web Security portal allows administrators to generate detailed reports on user requests made through the Web proxy. It h...
Carbon Forum 5.9.0 - Stored XSS
Exploit Title: Persistent XSS in Carbon Forum 5.9.0 Stored Date: 06/12/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.94cb.com/ Software Link: https://github.com/lincanbin/Carbon-Forum Version: 5.9.0 Tested on: Windows XP CVE: N/A Vulnerability Details A persistent stored XSS...
Cross site scripting
A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks...
ETSI WEBstore 2023 Cross Site Scripting
Document Title: =============== ETSI WEBstore 2023 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2327 Release Date: ============= 2023-07-26 Vulnerability Laboratory ID VL-ID: ====================================...
Tiva Events Calender 1.4 Cross Site Scripting
Document Title: =============== Tiva Events Calender v1.4 - Cross Site Scripting Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2276 Release Date: ============= 2023-07-05 Vulnerability Laboratory ID VL-ID:...
CVE-2022-40435
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting XSS vulnerability via adding new entries under the Departments and Designations module...
Cross site scripting
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting XSS vulnerability via adding new entries under the Departments and Designations module...
CVE-2022-42069
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting XSS vulnerability...
Hotel Management System 跨站脚本漏洞
Hotel Management System is a hotel management system based MIS project by Prem Chand Saini, an individual developer in India. A security vulnerability exists in Hotel Management System version 1.0, which stems from multiple persistent cross-site scripting XSS vulnerabilities in index.php. An...
Cross site scripting
Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting XSS vulnerability exists in the customer module. Users are recommend to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via th...
WordPress plugin wpWax Team 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Cross site scripting
Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting XSS vulnerability via the component /ffos/classes/Master.php?f=savecategory...
CVE-2021-31330
A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...
Cross site scripting
A Cross-Site Scripting XSS vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent...
CVE-2021-23824 Content Injection
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting XSS vulnerability, assuming an attacker can influence the...
Kentico 跨站脚本漏洞
Kentico is an ASP.NET-based content management system CMS from Kentico, Inc. A security vulnerability exists in Kentico Xperience CMS, which stems from the fact that Kentico Xperience CMS version 13.0 13.0.43 is prone to a persistent cross-site scripting XSS vulnerability also known as stored or...
Cross site scripting
A persistent cross-site scripting XSS vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a...
PT-2026-3809
Name of the Vulnerable Software and Affected Versions Moodle versions prior to 3.10.4 Description A security issue exists in Moodle related to insufficient protection of the web page structure within the calendar event subtitle field. Successful exploitation of this issue could allow a remote...