39 matches found
CVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...
PT-2026-1840
Name of the Vulnerable Software and Affected Versions phpgurukul Hostel Management System version 2.1 Description The application stores user-provided complaint data, specifically the 'Explain the Complaint' field submitted through the /register-complaint.php endpoint, without proper output...
CVE-2025-66258
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
Revive Adserver: Reflected XSS in account-preferences-plugin.php
A reflected cross-site scripting RXSS vulnerability was discovered in revive-adserver-6.0.1/www/admin/account-preferences-plugin.php via the group query parameter. Untrusted input was reflected without proper output encoding or context-aware escaping, allowing injection of JavaScript into the...
SAP CRM 跨站脚本漏洞
SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...
GHSA-6FC6-CJ2J-H22X TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML...
PT-2024-25049 · Unknown · Data Provisioning Service
Name of the Vulnerable Software and Affected Versions: Data Provisioning Service affected versions not specified Description: The issue is related to the Document Service handler in the Data Provisioning Service, which does not properly encode user-controlled inputs. This results in a Cross-Site...
PT-2023-32656 · Unknown · Bigprof Online Invoicing System
Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...
CVE-2023-37488
In SAP NetWeaver Process Integration - versions SAPXIESR 7.50, SAPXITOOL 7.50, SAPXIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting XSS attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of t...
CVE-2022-27656
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager ICM does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2022-24957
DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...
Cross-site Scripting (XSS) - Reflected in podcastgenerator/podcastgenerator
✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...
CVE-2019-18942
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding...
CVE-2019-14478
AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting XSS vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...
GHSA-XWQW-RF2Q-XMHF Cross-Site Scripting in buefy
Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later...
GHSA-3FW8-66WF-PR7M methodOverride Middleware Reflected Cross-Site Scripting in connect
Connect is a stack of middleware that is executed in order in each request. The "methodOverride" middleware allows the http post to override the method of the request with the value of the "method" post key or with the header "x-http-method-override". Because the user post input was not checked,...
Jspxcms Comments Feature Has XSS Vulnerability
Jspxcms is an open source, Java-based content management system CMS. An XSS vulnerability exists in the comments feature of Jspxcms version 9.0.0, which stems from the failure to encode user-submitted parameters as html entities and to escape special characters, which can be exploited by an...
i18next Cross-Site Scripting Vulnerability
i18next is a translation loading framework written in JavaScript. A cross-site scripting vulnerability exists in i18next 2.0.0 and later versions, which stems from the program failing to encode user input. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML...
DEBIAN-CVE-2017-18123
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs...