CVE-2024-38317

IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2024-57279

A reflected Cross-Site Scripting XSS vulnerability has been identified in the LDAP User Manager = ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied input, allowing an attacker to inject...

CVE-2025-25073 WordPress Easy WP Tiles plugin <= 1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vasilis Triantafyllou Easy WP Tiles easy-wp-tiles allows Stored XSS.This issue affects Easy WP Tiles: from n/a through = 1...

CVE-2025-23799

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tubegtld .TUBE Video Curator tube-video-curator allows Reflected XSS.This issue affects .TUBE Video Curator: from n/a through = 1.1.9...

CVE-2025-24676

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in umangmetatagg Custom WP Store Locator custom-store-locator allows Reflected XSS.This issue affects Custom WP Store Locator: from n/a through = 1.4.7...

CVE-2021-4143

Cross-site Scripting XSS - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0...

CVE-2025-23846

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in thaikolja Flexible Blogtitle flexible-blogtitle allows Reflected XSS.This issue affects Flexible Blogtitle: from n/a through = 0.1...

CVE-2025-22709

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Soft8Soft LLC Verge3D verge3d allows Reflected XSS.This issue affects Verge3D: from n/a through = 4.8.0...

CVE-2025-22341

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in parswp Hide Login+ hide-login allows Reflected XSS.This issue affects Hide Login+: from n/a through = 3.5.1...

CVE-2025-22593

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in burria Laika Pedigree Tree laika-pedigree-tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through = 1.4...

CVE-2025-22357

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpdever Target Notifications target-notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through = 1.1.1...

IBM Maximo Application Suite Cross-Site Scripting Vulnerability (CNVD-2025-02820)

IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 9.0.0. The...

CVE-2022-48192

Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script JavaScript, VBScript in the context of the application...

CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

CVE-2025-20204 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...

CVE-2025-20204

CVE-2025-20204 affects Cisco Identity Services Engine (ISE) web-based management interface. The issue is a cross-site scripting (XSS) vulnerability caused by insufficient validation of user-supplied input, enabling an authenticated attacker with valid admin credentials to inject malicious script ...

CVE-2020-26221

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting XSS. The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser...

CVE-2024-7736

A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-7939

A stored Cross-site Scripting XSS vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-56299

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pektsekye Notify Odoo notify-odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through = 1.0.0...