6238 matches found
CVE-2025-46837 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.22 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
CVE-2025-36577
Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection...
CVE-2025-5970 PHPGurukul Restaurant Table Booking System add-subadmin.php cross site scripting
A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument fullname leads to cross site scripting. The attack may be launched...
CVE-2025-3117
CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists impacting configuration file paths that could cause unvalidated data to be injected by an authenticated malicious user, leading to modification or reading of data in a victim’s browser...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application from the REDCap open source. A cross-site scripting vulnerability exists in REDCap version 13.1.9, which stems from a stored cross-site scripting vulnerability in the Project Dashboard, and could lead to an authenticated user executing...
CVE-2025-49137 Hax CMS Stored Cross-Site Scripting vulnerability
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in...
GHSA-2VC4-3HX7-V7V7 Hax CMS Stored Cross-Site Scripting vulnerability
Summary: The application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although t...
CVE-2025-46178
Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim's browser session by sending a crafted URL, leading to session hijacking or defacement...
CVE-2025-31061 WordPress Wishlist plugin <= 2.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in redqteam Wishlist allows Reflected XSS. This issue affects Wishlist: from n/a through 2.1.0...
CVE-2025-31917 WordPress Universal Video Player plugin <= 3.8.3 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Universal Video Player universalvideoplayer allows Reflected XSS. This issue affects Universal Video Player: from n/a through <= 3.8.3...
GHSA-J226-63J7-QRQH Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Impact: The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...
CVE-2025-5806
Jenkins Gatling Plugin 136.vb9009b3d33ae serves Gatling reports in a manner that bypasses the Content-Security-Policy protection introduced in Jenkins 1.641 and 1.625, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to change report content...
CVE-2025-30977
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chaport Live Chat Chaport chaport allows Stored XSS. This issue affects Chaport: from n/a through <= 1.1.6...
WordPress Domain For Sale plugin <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Domain For Sale versions <= 3.0.10...
CVE-2025-5796 code-projects Laundry System edit_type.php cross site scripting
A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2025-49427 WordPress Abbie Expander plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Burnette Abbie Expander abbie-expander allows Stored XSS. This issue affects Abbie Expander: from n/a through <= 1.0.1...
CVE-2025-49427
CVE-2025-49427 is a Stored XSS in the Abbie Expander WordPress plugin (