CVE-2021-47837 Markdownify 1.2.0 - Persistent Cross-Site Scripting
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
Cross-site Scripting (XSS)
Overview: getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the page editing. An attacker can execute arbitrary JavaScript in the context of other users by injecting malicio...
Cross Site Scripting (XSS)
mediawiki/cargo is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient input sanitization during web page generation, which allows an attacker to inject and store malicious scripts that are executed in the context of other users when the affected content is viewed...
CVE-2025-12415 MapMap <= 1.1 - Cross-Site Request Forgery to Settings Update and Stored Cross-Site Scripting
The MapMap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the adminshortcodesubmit, adminconfigurationsubmit, and adminshortcodedelete functions. This makes it possible for...
CVE-2025-59978
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's...
EUVD-2025-33389
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's...
EUVD-2025-33392
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access...
CVE-2025-61996
CVE-2025-61996 affects OPEXUS FOIAXpress prior to 11.13.3.0. An administrative user can inject JavaScript or other content into the Annual Report Template, with injected content executed in other users’ sessions when they generate an Annual Report. This constitutes a stored XSS exposure that coul...
EUVD-2025-27974
Malicious code in bioql PyPI...
EUVD-2023-54519
Malicious code in bioql PyPI...
EUVD-2023-31715
Malicious code in bioql PyPI...
EUVD-2025-18035
Malicious code in bioql PyPI...
EUVD-2025-18021
Malicious code in bioql PyPI...
CVE-2025-57203
MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...
CVE-2025-8360 LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including, 1.5.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...
CVE-2025-49486
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items...
CVE-2025-53930
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarespecie.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inje...
Cross-Site Scripting (XSS)
ibexa/fieldtype-richtext is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to insufficient input sanitization and escaping in the back office components, allowing malicious scripts to be injected and stored...
CVE-2024-28092
UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Ti...