20041 matches found

RedhatCVE
added 2026/01/09 11:43 a.m. | 15 views

CVE-2010-0432

Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2)...

CVSS 4.3 | AI score 5.8 | EPSS 0.22941
Exploits 15 | References 1
RedhatCVE
added 2026/01/09 11:43 a.m. | 6 views

CVE-2010-0449

Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVSS 4.3 | AI score 5.9 | EPSS 0.01695
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:42 a.m. | 5 views

CVE-2001-1522

Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message...

CVSS 4.3 | AI score 5.9 | EPSS 0.00992
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:41 a.m. | 6 views

CVE-2001-1526

Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.00992
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:38 a.m. | 6 views

CVE-2003-1146

Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...

CVSS 6.8 | AI score 6 | EPSS 0.0348
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:37 a.m. | 6 views

CVE-2003-1277

Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) newsicon of newstemplate.php, and (2) threadid a...

CVSS 4.3 | AI score 7 | EPSS 0.01297
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:29 a.m. | 7 views

CVE-2021-27479

ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...

CVSS 5.4 | AI score 6.9 | EPSS 0.00539
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:29 a.m. | 5 views

CVE-2021-27677

Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

CVSS 5.4 | AI score 5.9 | EPSS 0.00601
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:29 a.m. | 3 views

CVE-2021-27695

Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters...

CVSS 6.1 | AI score 5.9 | EPSS 0.03029
Exploits 2 | References 1
RedhatCVE
added 2026/01/09 11:28 a.m. | 5 views

CVE-2021-33332

Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

CVSS 6.1 | AI score 5.9 | EPSS 0.00845
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:26 a.m. | 9 views

CVE-2021-33339

Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the comliferaysiteadminwebportletSiteAdminPortletname parameter...

CVSS 4.8 | AI score 5.9 | EPSS 0.00672
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 11:25 a.m. | 3 views

CVE-2021-28280

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML...

CVSS 6.1 | AI score 6.2 | EPSS 0.00697
Exploits 1 | References 1
RedhatCVE
added 2026/01/09 11:25 a.m. | 4 views

CVE-2021-28901

Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOMCLI, (2) ADRESSE, (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nomlis...

CVSS 5.4 | AI score 6 | EPSS 0.00782
Exploits 1 | References 1
Vulnrichment
added 2026/01/09 11:15 a.m. | 3 views

CVE-2025-13862 Menu Card <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Menu Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category parameter in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 6.4 | AI score 4.7 | EPSS 0.00232
Exploits 0 | References 3
CVE
added 2026/01/09 11:15 a.m. | 16 views

CVE-2025-13704

CVE-2025-13704 affects the Autogen Headers Menu WordPress plugin. The issue is a stored cross-site scripting (XSS) in the shortcode parameter head_class used by the autogen_menu shortcode. The vulnerability arises from insufficient input sanitization and output escaping in all versions up to and ...

CVSS 6.4 | AI score 4.8 | EPSS 0.0024
Exploits 0 | References 5
RedhatCVE
added 2026/01/09 11:1 a.m. | 8 views

CVE-2007-4557

Cross-site scripting (XSS) vulnerability in the webacc servlet in Novell GroupWise 6.5 WebAccess allows remote attackers to inject arbitrary web script or HTML via the User.Id parameter, as demonstrated by a URL within a url field in a STYLE element, possibly due to an incomplete fix for...

CVSS 4.3 | AI score 6.2 | EPSS 0.02091
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:57 a.m. | 4 views

CVE-2022-38080

Reflected cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary...

CVSS 5.4 | AI score 5.9 | EPSS 0.00729
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:56 a.m. | 3 views

CVE-2022-38975

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series EC-CUBE 4.0.0 to 4.1.2 allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted page...

CVSS 5.4 | AI score 4.5 | EPSS 0.00538
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:56 a.m. | 5 views

CVE-2022-38089

Stored cross-site scripting vulnerability in Exment PHP8 exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, PHP7 exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier allows a remote authenticated attacker to inject an arbitrary script...

CVSS 5.4 | AI score 5.8 | EPSS 0.00729
Exploits 0 | References 1
RedhatCVE
added 2026/01/09 10:55 a.m. | 5 views

CVE-2022-23916

Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows ...

CVSS 6.1 | AI score 5.8 | EPSS 0.0087
Exploits 0 | References 1