3715 matches found

RedhatCVE
added 2026/03/31 4:59 a.m., 2 views

CVE-2026-30564

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewpayments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

CVSS 6.1 | AI score 6 | EPSS 0.00057
Exploits: 1 | References: 1

NVD
added 2026/03/30 4:16 p.m., 3 views

CVE-2026-30556

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...

CVSS 6.1 | EPSS 0.00018
Exploits: 1 | References: 1

NVD
added 2026/03/30 3:16 p.m., 2 views

CVE-2026-30565

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewsupplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...

CVSS 6.1 | EPSS 0.00057
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/30 12:0 a.m., 1 views

PT-2026-29033

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script ...

CVSS 6.1 | AI score 6 | EPSS 0.00057
Exploits: 1 | References: 2

RedhatCVE
added 2026/03/27 2:24 p.m., 5 views

CVE-2021-27678

Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

CVSS 5.4 | AI score 5.9 | EPSS 0.0014
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/27 12:0 a.m., 3 views

CVE-2026-30568

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewpurchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

AI score 6 | EPSS 0.00019
Exploits: 1 | References: 1

Cvelist
added 2026/03/27 12:0 a.m., 21 views

CVE-2026-30567

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewproduct.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

EPSS 0.00021
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/27 12:0 a.m., 3 views

PT-2026-28411

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view sales.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...

AI score 6 | EPSS 0.00021
Exploits: 1 | References: 2

CNNVD
added 2026/03/18 12:0 a.m., 3 views

Phoenix Contact multiple products cross-site scripting vulnerability

PHOENIX CONTACT FL SWITCH and PHOENIX CONTACT FL NAT are products of the German company PHOENIX CONTACT. PHOENIX CONTACT FL SWITCH is an industrial-grade Ethernet switch. PHOENIX CONTACT FL NAT is a series of industrial security gateways. Several products from Phoenix Contact have a cross-site...

CVSS 7.1 | AI score 5.7 | EPSS 0.00034
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/14 9:44 p.m., 1 views

CVE-2026-32774 Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

CVSS 6.4 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/08 8:2 p.m., 2 views

CVE-2026-3766

A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The...

CVSS 5.1 | AI score 4.3 | EPSS 0.00043
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/02/24 12:0 a.m., 3 views

PT-2026-21795

Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions prior to 5.5. Description: Dell Wyse Management Suite versions prior to 5.5 are susceptible to a Cross-site Scripting issue. A low privileged attacker with remote access could potentially exploit this, leading...

CVSS 5.4 | AI score 5.3 | EPSS 0.0004
Exploits: 0 | References: 3

OSV
added 2026/02/06 1:15 a.m., 1 views

CVE-2026-1971

A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wizWISP24gmanual of the file wizWISP24gmanual.asp. Such manipulation of the argument manualssid leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public...

CVSS 4.8 | AI score 3.9
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/03 10:9 p.m., 2 views

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input...

CVSS 5.1 | AI score 5.5 | EPSS 0.00226
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2026/02/03 10:9 p.m., 7 views

CVE-2020-37087

Easy Transfer Wifi Transfer v1.7 for iOS is affected by a persistent XSS due to improper input validation in Create Folder and Move/Edit, exploitable via POST requests by manipulating oldPath, newPath, and path parameters. The issue enables arbitrary JavaScript execution in the mobile web context...

CVSS 5.1 | AI score 5.5 | EPSS 0.00226
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/03 2:4 p.m., 1 views

CVE-2025-61638

A flaw was found in MediaWiki. This vulnerability, identified as Cross-site Scripting (XSS), allows a remote attacker to inject malicious scripts into web pages due to improper neutralization of input during web page generation. When a user views an affected page, the malicious code can execute in...

CVSS 4.8 | AI score 5.3 | EPSS 0.00007
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/03 2:4 p.m., 2 views

CVE-2025-61636

A flaw was found in MediaWiki. This vulnerability, known as Cross-site Scripting (XSS), occurs due to improper handling of user-supplied input during web page generation. A remote attacker could exploit this by injecting malicious scripts into web pages, potentially leading to information disclosur...

CVSS 4.8 | AI score 6 | EPSS 0.00006
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/03 3:18 a.m., 5 views

CVE-2025-61642

A flaw was found in MediaWiki. This improper neutralization of input during web page generation, also known as Cross-site Scripting (XSS), allows a remote attacker to inject malicious scripts into web pages viewed by other users. This can lead to information disclosure or other client-side attacks...

CVSS 6.1 | AI score 5.2 | EPSS 0.00006
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/03 3:18 a.m., 4 views

CVE-2025-6594

A flaw was found in MediaWiki. This improper neutralization of input during web page generation, commonly known as Cross-site Scripting (XSS), allows a remote attacker to inject malicious scripts into web pages. This can lead to information disclosure, session hijacking, or arbitrary code execution...

CVSS 8.1 | AI score 6 | EPSS 0.00006
Exploits: 0 | References: 4

Packet Storm News
added 2026/02/02 12:0 a.m., 5 views

WordPress Blubrry PowerPress 6.0 Cross Site Scripting

A cross site scripting vulnerability exists in Blubrry PowerPress WordPress Plugin version 6.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

CVSS 4.3 | AI score 5.2 | EPSS 0.00633
Exploits: 3