6236 matches found
CVE-2021-22871
Revive Adserver before 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulnerability...
CVE-2025-13892 MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting
The MG AdvancedOptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] variable in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2022-38291
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar...
CVE-2022-38553
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter...
CVE-2022-38256
TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2022-38254
Nagios XI before v5.8.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the ajax.php script in CCM 3.1.5...
CVE-2022-42094
Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the 'Card' content...
CVE-2022-42993
Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page...
CVE-2022-42954
Keyfactor EJBCA before 7.10.0 allows XSS...
CVE-2022-42989
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Caixa de Entrada...
CVE-2022-37253
Persistent cross-site scripting (XSS) in Crime Reporting System 1.0 allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized POST parameter...
CVE-2022-0428
The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2025-13853
The Nearby Now Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'datatech' parameter of the nn-tech shortcode in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2011-0909
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526...
CVE-2020-7990
Adive Framework 2.0.8 has admin/user/add userName XSS...
CVE-2020-12262
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS...
CVE-2024-34312
Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js...
CVE-2023-25958
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin = 2.1.4 versions...
CVE-2024-41354
phpipam 1.6 is vulnerable to Cross Site Scripting (XSS) via /app/admin/widgets/edit.php...
CVE-2024-41345
openflights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via php/trip.php...