
296 matches found

RedhatCVE
added 2025/05/23 4:9 a.m. · 9 views

CVE-2023-38883

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'ajax' parameter in 'ParentLookup.php'...

6.1 CVSS · 6.1 AI score · 0.00631 EPSS
Exploits 0

RedhatCVE
added 2025/05/22 7:35 p.m. · 4 views

CVE-2021-29387

Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary JavaScript via any "Add" sections, such as Add Item, Employee and Position or others in the Name Parameters...

5.4 CVSS · 6 AI score · 0.00774 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 10:6 a.m. · 5 views

CVE-2019-13392

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that th...

6.1 CVSS · 5.9 AI score · 0.03894 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/21 7:27 p.m. · 9 views

CVE-2005-4204

Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary JavaScript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS...

4.3 CVSS · 6.1 AI score · 0.00948 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/05/05 12:0 a.m. · 5 views

PT-2025-19795 · Unknown +1 · League/Commonmark +1

Name of the Vulnerable Software and Affected Versions: league/commonmark versions 1.5.0 through 2.6.x
Description: A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library allows remote attackers to insert malicious JavaScript calls into HTML. The...

6.4 CVSS · 5.1 AI score · 0.00287 EPSS
Exploits 0 · References 17

OSV
added 2025/04/30 1:15 p.m. · 5 views

CVE-2025-45007

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the adminname POST request parameter...

4.8 CVSS · 6.2 AI score · 0.00257 EPSS
Exploits 1 · References 1

CVE
added 2025/04/17 12:53 p.m. · 68 views

CVE-2025-3760

CVE-2025-3760 is a stored XSS vulnerability in Liferay Portal (radio button type custom fields) affecting Portal 7.2.0–7.4.3.129 and Liferay DXP 2024.Q1–Q4, 2023 Q3–Q4, and related GA/update branches. The underlying issue is injection of malicious JavaScript into a page by remote authenticated at...

5.4 CVSS · 5.1 AI score · 0.00215 EPSS
Exploits 0 · References 1 · Affected Software 2

BDU FSTEC
added 2025/04/16 12:0 a.m. · 24 views

The vulnerability of the E-Staff automated recruitment process system, related to errors in data filtering during object updates, allows a perpetrator to execute arbitrary JavaScript code.

The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering during object updates. Exploiting this vulnerability could allow a malicious actor to execute arbitrary JavaScript code remotely...

9.9 CVSS · 5.9 AI score
Exploits 0

BDU FSTEC
added 2025/04/02 12:0 a.m. · 4 views

The vulnerability of the system for managing internal services and automating business processes, IntraService, arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the system for managing internal services and automating business processes is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

8.9 CVSS · 5.9 AI score
Exploits 0 · Affected Software 1

BDU FSTEC
added 2025/03/05 12:0 a.m. · 4 views

The vulnerability of the Address Book URI field in the Thunderbird email client, specifically in Thunderbird ESR, arises from the lack of protection for the website structure. This allows attackers to execute arbitrary JavaScript code.

The vulnerability of the Address Book URI field in the Thunderbird email client, specifically in Thunderbird ESR, is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

6.4 CVSS · 7.2 AI score · 0.01276 EPSS
Exploits 0 · References 11 · Affected Software 5

NVD
added 2025/02/26 4:15 p.m. · 11 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...

4.8 CVSS · 0.00245 EPSS
Exploits 0 · References 1

OSV
added 2025/02/26 4:15 p.m. · 9 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload into the file name and upload file function when creating a new ticket...

4.8 CVSS · 6.1 AI score
Exploits 0 · References 1

VulnCheck KEV
added 2025/02/26 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2020-24901

The default installation of Krpano Panorama Viewer version =1.20.8 is vulnerable to Reflected XSS due to insecure remote js load in file viewer/krpano.html, parameter plugintest.url...

6.1 CVSS · 5.8 AI score · 0.01015 EPSS
Exploits 1 · References 1

OSV
added 2025/01/29 10:15 p.m. · 1 views

CVE-2024-48761

Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...

8.8 CVSS · 6 AI score · 0.00529 EPSS
Exploits 1 · References 1

Cvelist
added 2025/01/28 12:0 a.m. · 11 views

CVE-2025-22917

A reflected cross-site scripting (XSS) vulnerability in Audemium ERP =0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious payload into the 'type' parameter of list.php...

0.0024 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/12/20 12:0 a.m. · 4 views

PT-2024-9963 · Unknown · Express Web Client

Name of the Vulnerable Software and Affected Versions: eXpress web client (affected versions not specified)
Description: The issue is caused by insufficient protection of the web page structure in the document viewer library of the eXpress web client. This allows a remote attacker to execute...

9 CVSS · 7.8 AI score
Exploits 0 · References 1

CVE
added 2024/12/20 12:0 a.m. · 81 views

CVE-2024-55341

CVE-2024-55341 is a stored XSS vulnerability in Piranha CMS 11.1 where an attacker can inject JavaScript by creating a page via /manager/pages and adding Markdown content. The issue originates from the /manager/pages Markdown content handling and can lead to arbitrary script execution in a user’s...

4.7 CVSS · 5.3 AI score · 0.00435 EPSS
Exploits 1 · References 2 · Affected Software 1

BDU FSTEC
added 2024/10/23 12:0 a.m. · 3 views

The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution lies in the lack of measures taken to protect the structure of web pages, allowing attackers to execute JavaScript code in the browser of the targeted user.

The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute JavaScript code in th...

9 CVSS · 5.7 AI score
Exploits 0 · References 4 · Affected Software 2

Positive Technologies
added 2024/10/22 12:0 a.m. · 6 views

PT-2024-27 · Unknown · Pt Sandbox +1

Name of the Vulnerable Software and Affected Versions: PT MultiScanner and PT Sandbox (affected versions not specified)
Description: The issue is related to the lack of protection for the web page structure in PT MultiScanner and PT Sandbox. This could allow a remote attacker to execute JavaScript...

9 CVSS · 7.3 AI score
Exploits 0 · References 4

BDU FSTEC
added 2024/10/14 12:0 a.m. · 4 views

The vulnerability of the Passwork password manager, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary JavaScript code.

The vulnerability of the Passwork password manager is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

5.8 CVSS · 5.9 AI score
Exploits 0 · References 2 · Affected Software 1