192 matches found

CNNVD
added 2026/03/07 12:00 a.m. | 4 views

XikeStor SKS8310-8X cross-site scripting vulnerability

The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. XikeStor SKS8310-8X versions 1.04.B07 and earlier have a cross-site scripting vulnerability. This vulnerability stems from a storage-based cross-site scripting vulnerability in the System Name field,...

CVSS 5.4 | AI score 5.7 | EPSS 0.00188
Exploits: 0 | References: 3

CNNVD
added 2026/03/06 12:00 a.m. | 3 views

Chamilo cross-site scripting vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in the course description field, which could lead to storage-based cross-si...

CVSS 9 | AI score 5.9 | EPSS 0.00253
Exploits: 0 | References: 2

CNNVD
added 2026/03/06 12:00 a.m. | 5 views

Chamilo cross-site scripting vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in the course learning path settings field, which could lead to storage-bas...

CVSS 9 | AI score 5.9 | EPSS 0.00299
Exploits: 0 | References: 2

CNNVD
added 2026/03/06 12:00 a.m. | 5 views

Chamilo cross-site scripting vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in social networking and internal messaging functions, which could lead to...

CVSS 9 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 2

CNNVD
added 2026/03/05 12:00 a.m. | 5 views

WordPress plugin Fluent Forms Pro cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.2 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 3

CNNVD
added 2026/03/04 12:00 a.m. | 5 views

WordPress plugin Envira Gallery cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.6 | EPSS 0.00193
Exploits: 0 | References: 5

CNNVD
added 2026/03/04 12:00 a.m. | 4 views

WordPress plugin My Calendar – Accessible Event Manager cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 6.4 | AI score 5.7 | EPSS 0.00276
Exploits: 0 | References: 7

CNNVD
added 2026/03/03 12:00 a.m. | 3 views

HomeBox cross-site scripting vulnerability

HomeBox is an open-source project developed by SysAdmins Media, designed for home users. Versions of HomeBox prior to 0.24.0-rc.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the project’s attachment upload feature, where the types of uploaded files were not...

CVSS 5.4 | AI score 5.7 | EPSS 0.00166
Exploits: 0 | References: 2

CNNVD
added 2026/03/03 12:00 a.m. | 8 views

dify cross-site scripting vulnerability

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.11.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the relaxed security settings when Mermaid charts were rendered in chat messages, potentially leading to...

CVSS 5.4 | AI score 5.6 | EPSS 0.00218
Exploits: 1 | References: 3

CNNVD
added 2026/03/02 12:00 a.m. | 3 views

NocoDB cross-site scripting vulnerability

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability. This vulnerability occurred due to insufficient cleanup durin...

CVSS 5.4 | AI score 5.7 | EPSS 0.00143
Exploits: 0 | References: 2

CNNVD
added 2026/02/28 12:00 a.m. | 8 views

WordPress plugin wpForo Forum cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The wpFo...

CVSS 5.5 | AI score 5.6 | EPSS 0.00227
Exploits: 0 | References: 3

CNNVD
added 2026/02/27 12:00 a.m. | 7 views

PluXml CMS cross-site scripting vulnerability

PluXml CMS is a database-free content management system developed by the French company PluXml. Versions 5.8.21 and 5.9.0-rc7 of PluXml CMS contain cross-site scripting vulnerabilities. These vulnerabilities stem from the file upload feature’s storage-based cross-site scripting, which may allow f...

CVSS 5.4 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 3

CNNVD
added 2026/02/27 12:00 a.m. | 9 views

Statamic cross-site scripting vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.11 and earlier, as well as 6.4.0 and earlier, had a cross-site scripting vulnerability. This...

CVSS 8.7 | AI score 5.6 | EPSS 0.00259
Exploits: 0 | References: 4

CNNVD
added 2026/02/26 12:00 a.m. | 7 views

Audiobookshelf cross-site scripting vulnerability

Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.0 contained a cross-site scripting vulnerability. This vulnerability was caused by malicious library metadata, leading to storage-based cross-site scripting, which could...

CVSS 4.8 | AI score 5.7 | EPSS 0.00226
Exploits: 1 | References: 2

CNNVD
added 2026/02/25 12:00 a.m. | 6 views

Mercator cross-site scripting vulnerability

Mercator is an ecosystem visualization software developed by Didier Barzin. Versions of Mercator before 2026.02.22 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of unescaped Blade directives in the display templates, which could lead to storage-based...

CVSS 8.5 | AI score 5.6 | EPSS 0.00279
Exploits: 0 | References: 4

CNNVD
added 2026/02/24 12:00 a.m. | 8 views

GetSimple CMS cross-site scripting vulnerability

GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 3.3.16 of GetSimple CMS has a cross-site scripting vulnerability. This vulnerability stems from improper output encoding of user inputs for the slug field in component functions. It may lead to...

CVSS 4.8 | AI score 5.6 | EPSS 0.00295
Exploits: 0 | References: 4

CNNVD
added 2026/02/24 12:00 a.m. | 6 views

Craft CMS cross-site scripting vulnerability

Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.5.0-RC1 to 4.16.18, as well as from 5.0.0-RC1 to 5.8.22, have a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the html column type input in the...

CVSS 5.9 | AI score 5.7 | EPSS 0.00217
Exploits: 0 | References: 2

CNNVD
added 2026/02/23 12:00 a.m. | 7 views

Bludit cross-site scripting vulnerability

Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.2 of Bludit contains a cross-site scripting vulnerability. This vulnerability arises from the fact that post content cleaning is only performed on the client side, while equivalent cleaning is n...

CVSS 5.4 | AI score 5.7 | EPSS 0.00139
Exploits: 1 | References: 2

CNNVD
added 2026/02/21 12:00 a.m. | 6 views

Statamic cross-site scripting vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.8 and earlier, as well as versions 6.0.0-alpha.1 through 6.3.1, had a cross-site scripting...

CVSS 8.1 | AI score 5.6 | EPSS 0.0028
Exploits: 0 | References: 3

CNNVD
added 2026/02/20 12:00 a.m. | 6 views

LibreNMS cross-site scripting vulnerability

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...

CVSS 5.1 | AI score 5.7 | EPSS 0.00216
Exploits: 1 | References: 4