CVE-2011-0286

Cross-site scripting XSS vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion RIM BlackBerry Enterprise Server BES software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote...

CVE-2025-23201

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting XSS on the parameters:/addhost - param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with th...

CVE-2013-6019

Cross-site scripting XSS vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component...

CVE-2019-16307

A Reflected Cross-Site Scripting XSS vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter webExMeetingLogin.jsp and meetingKey...

FluentCMS 安全漏洞

FluentCMS is a content management system from FluentCMS open source. A security vulnerability exists in FluentCMS version 1.2.3, which stems from improper input cleanup in the head portion of the Add Page feature, which could lead to a remote attacker injecting arbitrary script tags...

PT-2025-53591

Name of the Vulnerable Software and Affected Versions FluentCMS version 1.2.3 Description The application does not properly sanitize input in the section, which can allow remote attackers to inject arbitrary script tags. This issue was identified after logging in as an administrator and navigatin...

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

EUVD-2025-204425

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVE-2025-67845

Summary: CVE-2025-67845 is a directory traversal vulnerability in Mintlify Platform’s Static Asset Proxy Endpoint (prior to 2025-11-15). An attacker can craft a URL with traversal sequences to inject arbitrary web script or HTML. Affected components: Mintlify Platform, Static Asset Proxy Endpoint...

CVE-2025-67842

The CVE describes a vulnerability in Mintlify Platform’s Static Asset API where, prior to 2025-11-15, any tenant’s assets could be served on another tenant’s documentation site via the subdomain parameter, enabling remote arbitrary web script or HTML injection. Affected component: Static Asset AP...

PT-2025-52406

Name of the Vulnerable Software and Affected Versions Mintlify Platform versions prior to 2025-11-15 Description A directory traversal issue exists in the Static Asset Proxy Endpoint. This allows remote attackers to inject arbitrary web script or HTML through a specially crafted URL containing pa...

CVE-2025-66924

A Cross-site scripting XSS vulnerability in Create/Update Item Kits in Open Source Point of Sale v3.4.1 allows remote attackers to inject arbitrary web script or HTML via the "name" parameter...

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.item.selector.web are vulnerable to cross-site scripting XSS. The vulnerability is due to improper input validation in user name fields First Name, Middle Name, Last Name, which allows a remote attacker to inject arbitrary web scripts or HTML via...

EUVD-2025-201188

A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add Data Validation Page. The manipulation of the argument dataname leads to...

EUVD-2025-197808

Cross-Site Scripting XSS vulnerability exists in SourceCodester AI Font Matcher nid=18425, 2025-10-10 that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly...

CVE-2025-63713

Cross-Site Scripting XSS vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...

CVE-2025-62264

CVE-2025-62264 describes a reflected XSS in Liferay Portal and Liferay DXP via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId parameter. Affected versions include Liferay Portal 7.4.3.8–7.4.3.111 and Liferay DXP 2023.Q3.1–2023.Q3.10, 2023.Q4.0–2023.Q4...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

EUVD-2025-37011

Cross-site scripting XSS vulnerability in blog-details.php in Hiruna Gallage's Glamour Salon Management System v1 allows remote attackers to inject arbitrary web script or HTML via the blog comment section parameter...