3779 matches found
CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...
EUVD-2021-34757
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijackin...
PT-2026-5568
BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking,...
PT-2026-5552
Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search input to compromise user sessions and manipulate application content...
PHPSUGAR PHP Melody 跨站脚本漏洞
PHPSUGAR PHP Melody is a content management system developed by PHPSUGAR. The PHPSUGAR PHP Melody 3.0 version has a cross-site scripting vulnerability. This vulnerability stems from the submitted parameter in the edit-video.php file, which has a persistent cross-site scripting vulnerability. This...
CVE-2020-37019
Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...
EUVD-2020-30960
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...
CVE-2020-37014
Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...
CVE-2025-70336
A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
CVE-2014-4017
Cross-site scripting XSS vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php...
CVE-2014-4946
Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...
CVE-2005-1443
Multiple cross-site scripting XSS vulnerabilities in index.php for Invision Power Board IPB 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the 1 act, 2 Members, 3 calendar, or 4 HID parameters...
CVE-2005-1308
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...
CVE-2023-25347
A stored cross-site scripting XSS vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...
CVE-2018-18674
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board tail contents" parameter, aka the adm/boardformupdate.php bocontenttail parameter...
CVE-2018-18678
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "board group extra contents" parameter, aka the adm/boardgroupformupdate.php gr110 parameter...
CVE-2018-18671
GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "mobile board head contents" parameter, aka the adm/boardformupdate.php bomobilecontenthead parameter...
CVE-2009-4039
Cross-site scripting XSS vulnerability in Piwigo before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4398
Cross-site scripting XSS vulnerability in the Parish of the Holy Spirit Religious Art Gallery hsreligiousartgallery extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4839
Multiple cross-site scripting XSS vulnerabilities in Basic Analysis and Security Engine BASE, possibly 1.4.4 and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to 1 admin/baseroleadmin.php, 2 admin/baseuseradmin.php, 3 baseconfcontents.php, 4...