Lucene search
K

39 matches found

OSV
OSV
added 2026/02/10 4:16 a.m.8 views

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...

4.8CVSS5.8AI score0.00185EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.7 views

PT-2026-1840

Name of the Vulnerable Software and Affected Versions phpgurukul Hostel Management System version 2.1 Description The application stores user-provided complaint data, specifically the 'Explain the Complaint' field submitted through the /register-complaint.php endpoint, without proper output...

8.7CVSS7.2AI score0.00261EPSS
Exploits1References5
NVD
NVD
added 2025/11/26 1:16 a.m.7 views

CVE-2025-66258

Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...

7.1CVSS0.00164EPSS
Exploits1References1
Hacker One
Hacker One
added 2025/10/25 3:23 a.m.10 views

Revive Adserver: Reflected XSS in account-preferences-plugin.php

A reflected cross-site scripting RXSS vulnerability was discovered in revive-adserver-6.0.1/www/admin/account-preferences-plugin.php via the group query parameter. Untrusted input was reflected without proper output encoding or context-aware escaping, allowing injection of JavaScript into the...

6.3CVSS6.4AI score0.00436EPSS
Exploits1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

SAP CRM 跨站脚本漏洞

SAP CRM is a customer relationship management system from SAP, Germany. SAP CRM suffers from a cross-site scripting vulnerability that stems from custom CSS support options that do not adequately encode user-controlled input, which can be exploited by an attacker to execute arbitrary web script o...

6.1CVSS5.9AI score0.00256EPSS
Exploits0References4
OSV
OSV
added 2024/06/03 5:0 p.m.9 views

GHSA-6FC6-CJ2J-H22X TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend

Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML...

7AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.5 views

PT-2024-25049 · Unknown · Data Provisioning Service

Name of the Vulnerable Software and Affected Versions: Data Provisioning Service affected versions not specified Description: The issue is related to the Document Service handler in the Data Provisioning Service, which does not properly encode user-controlled inputs. This results in a Cross-Site...

6.1CVSS6.1AI score0.0033EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.6 views

PT-2023-32656 · Unknown · Bigprof Online Invoicing System

Name of the Vulnerable Software and Affected Versions: BigProf Online Invoicing System version 2.6 Description: A vulnerability has been discovered in the BigProf Online Invoicing System, which does not sufficiently encode user-controlled input, resulting in persistent XSS through the...

6.3CVSS5.2AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2023/08/08 1:15 a.m.7 views

CVE-2023-37488

In SAP NetWeaver Process Integration - versions SAPXIESR 7.50, SAPXITOOL 7.50, SAPXIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting XSS attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of t...

6.1CVSS5.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2022/05/11 3:15 p.m.7 views

CVE-2022-27656

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager ICM does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6.4AI score0.0053EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/03/29 2:15 a.m.7 views

CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object and use the XSS payload as the name. Any user that opens the object's version or history tab will ...

5.4CVSS5.8AI score0.00694EPSS
Exploits1References3
Huntr
Huntr
added 2021/09/09 7:48 a.m.7 views

Cross-site Scripting (XSS) - Reflected in podcastgenerator/podcastgenerator

✍️ Description Cross-site Scripting XSS refers to client-side code injection attack wherein an attacker can execute malicious scripts into a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates. The...

2.2AI score
Exploits0References1
OSV
OSV
added 2021/02/26 4:15 a.m.6 views

CVE-2019-18942

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding...

4.8CVSS5.8AI score0.00305EPSS
Exploits0References1
OSV
OSV
added 2020/12/16 5:15 p.m.4 views

CVE-2019-14478

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting XSS vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

5.4CVSS6.2AI score0.00569EPSS
Exploits1References2
OSV
OSV
added 2020/09/01 9:23 p.m.3 views

GHSA-XWQW-RF2Q-XMHF Cross-Site Scripting in buefy

Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding. Recommendation Upgrade to version 0.7.2 or later...

6AI score
Exploits0References3
OSV
OSV
added 2020/08/31 10:41 p.m.27 views

GHSA-3FW8-66WF-PR7M methodOverride Middleware Reflected Cross-Site Scripting in connect

Connect is a stack of middleware that is executed in order in each request. The "methodOverride" middleware allows the http post to override the method of the request with the value of the "method" post key or with the header "x-http-method-override". Because the user post input was not checked,...

6.1CVSS6.4AI score0.01417EPSS
Exploits0References11
CNVD
CNVD
added 2018/09/12 12:0 a.m.4 views

Jspxcms Comments Feature Has XSS Vulnerability

Jspxcms is an open source, Java-based content management system CMS. An XSS vulnerability exists in the comments feature of Jspxcms version 9.0.0, which stems from the failure to encode user-submitted parameters as html entities and to escape special characters, which can be exploited by an...

6.3AI score
Exploits0
CNVD
CNVD
added 2018/05/31 12:0 a.m.3 views

i18next Cross-Site Scripting Vulnerability

i18next is a translation loading framework written in JavaScript. A cross-site scripting vulnerability exists in i18next 2.0.0 and later versions, which stems from the program failing to encode user input. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.01017EPSS
Exploits1References1
OSV
OSV
added 2018/02/03 3:29 p.m.1 views

DEBIAN-CVE-2017-18123

The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs...

8.6CVSS8.8AI score0.02646EPSS
Exploits1References1
Rows per page
Query Builder