CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVE-2023-49779

Stored cross-site scripting vulnerability exists in the anchor tag of GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-49117

PowerCMS 6 Series, 5 Series, and 4 Series contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser. Note that all versions of PowerCMS 3 Series and earlier which are unsupported End-of-Life, EOL...

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

CVE-2023-49598

Stored cross-site scripting vulnerability exists in the event handlers of the pre tags in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-49987

A cross-site scripting XSS vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter...

CVE-2023-45737

Stored cross-site scripting vulnerability exists in the App Settings /admin/app page and the Markdown Settings /admin/markdown page of GROWI versions prior to v3.5.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using...

CVE-2023-31548

A stored Cross-site scripting XSS vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2023-40982

A stored cross-site scripting XSS vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...

CVE-2018-1000154

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...

CVE-2018-6823

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root...

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

CVE-2022-38291

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting XSS vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar...

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...

CVE-2022-33005

A cross-site scripting XSS vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field...

CVE-2022-33941

PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products/versions are as...

CVE-2022-42458

Authentication bypass using an alternate path or channel vulnerability in bingo!CMS version1.7.4.1 and earlier allows a remote unauthenticated attacker to upload an arbitrary file. As a result, an arbitrary script may be executed and/or a file may be altered...

CVE-2022-42247

pfSense v2.5.2 was discovered to contain a cross-site scripting XSS vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...

CVE-2022-31300

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...