6239 matches found
CVE-2025-2061
The CVE-2025-2061 entry concerns code-projects Online Ticket Reservation System 1.0. The vulnerability is in /passenger.php where manipulation of a request parameter name enables cross-site scripting (XSS). Exploitation is remote and the exploit has been disclosed publicly. No remediation details...
CVE-2025-27823
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...
seniorentreff.de Cross Site Scripting vulnerability OBB-4033271
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
easydomains.uk Cross Site Scripting vulnerability OBB-4033257
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sukaichi-e.com Cross Site Scripting vulnerability OBB-4033224
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
nounoudunord.centerblog.net Cross Site Scripting vulnerability OBB-4033120
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-26202
Cross-Site Scripting XSS vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings 2.4GHz & 5GHz bands in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an...
CVE-2024-51953
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
adsland.com Cross Site Scripting vulnerability OBB-4032818
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-48246
Vehicle Management System 1.0 contains a Stored Cross-Site Scripting XSS vulnerability in the "Name" parameter of /vehicle-management/booking.php...
CVE-2025-20208
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based...
CVE-2025-25169
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors Autocomplete Meta Box: from n/a through = 1.2...
CVE-2025-23904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in rebrandpress Rebrand Fluent Forms rebrand-fluent-forms allows Reflected XSS.This issue affects Rebrand Fluent Forms: from n/a through = 1.0...
CVE-2025-1008
CVE-2025-1008 is a stored XSS in the WordPress plugin “Recently Purchased Products For Woo” (versions up to 1.1.3). The vulnerability allows authenticated attackers with Contributor-level access to inject scripts via the view parameter, which execute when other users load the page. Red Hat and CV...
bbs.anhei2.com Cross Site Scripting vulnerability OBB-4032491
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
eachtax.com Cross Site Scripting vulnerability OBB-4031913
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-51960
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51948
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...
CVE-2024-51945
CVE-2024-51945 describes a stored XSS in Esri ArcGIS Server (versions ≤11.3). An authenticated attacker with publisher privileges can craft a link that, when clicked by a user, may execute arbitrary JavaScript in the browser. Impact is low for confidentiality and integrity; no availability impact...
CVE-2024-51944 Stored XSS in Rest Services Directory
There is a stored Cross-site Scripting vulnerability in ArcGIS Server for versions 11.3 and below that may allow a remote, authenticated attacker to create a stored crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required...