1316 matches found
CVE-2021-27731
Accellion FTA 912432 and earlier is affected by stored XSS via a crafted POST request to a user endpoint. The fixed version is FTA912444 and later...
CVE-2025-37185
This CVE (CVE-2025-37185) affects the EdgeConnect SD-WAN Orchestrator web administration interface. The vulnerability is described as authenticated stored XSS that could allow an attacker to execute arbitrary script code in the victim’s browser within the affected interface, enabling unauthorized...
CVE-2018-10430
An issue was discovered in DiliCMS aka DiligentCMS 2.4.0. There is a Stored XSS Vulnerability in the fourth textbox of "System setting-site setting" of admin/index.php...
CVE-2021-31327
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field...
CVE-2021-31908
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages...
CVE-2016-10896
The seo-redirection plugin before 4.3 for WordPress has stored XSS...
CVE-2022-42235
A Stored XSS issue in Student Clearance System v.1.0 allows the injection of arbitrary JavaScript in the Student registration form...
CVE-2022-37150
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters...
CVE-2017-18420
cPanel before 66.0.2 allows stored XSS during WHM cPAddons processing SEC-269...
CVE-2019-18347
A stored XSS issue was discovered in DAViCal through 1.1.8. It does not adequately sanitize output of various fields that can be set by unprivileged users, making it possible for JavaScript stored in those fields to be executed by another possibly privileged user. Affected database fields include...
CVE-2019-18791
Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser...
CVE-2019-11676
The user defined DNS name in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to stored XSS attacks...
CVE-2020-12472
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description...
CVE-2020-10372
Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp location field to the dms/rest/services/datastore/createOrEditValueForKey URI...
CVE-2020-24663
Trace Financial CRESTBridge 6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03...
CVE-2024-39143
A stored cross-site scripting XSS vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload...
CVE-2023-50881
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhance...
CVE-2023-50827
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.This issue affects Accredible Certificates & Open Badges: from n/a through 1.4.8...
CVE-2017-18809
NETGEAR ReadyNAS OS 6 devices running ReadyNAS OS versions prior to 6.8.0 are affected by stored XSS...
CVE-2019-20677
Certain NETGEAR devices are affected by stored XSS. This affects RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and RBK50 before 2.3.5.30...