176 matches found
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Prompt module when commands return raw HTML. An attacker can execute arbitrary scripts in the context of a user's browser by submitting malicious input that is processed through certain commands. Details...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Biography field. An attacker can execute arbitrary JavaScript code in the context of the website...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown field in the info tab page. An attacker can execute arbitrary JavaScript code in the context of a user's browser by injecting malicious content. Details Cross-site scripting or XSS is a code...
CVE-2025-45662
A cross-site scripting XSS vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload...
CVE-2025-45662
CVE-2025-45662 affects mpgram-web (commit 94baadb) with a vulnerability in /master/login.php enabling cross-site scripting (XSS). An attacker can inject arbitrary Javascript in the victim’s browser. Documented impact: JavaScript execution in user context; CVSSv3.1 base score 6.1 (Medium) with net...
CVE-2025-52462
Cross-site scripting vulnerability exists in Active! mail 6 BuildInfo: 6.30.01004145 to 6.60.06008562. If this vulnerability is exploited, an arbitrary script may be executed on the logged-in user's web browser when the user is accessing a specially crafted URL...
CVE-2025-41439
A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...
CVE-2025-45879
A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...
CVE-2025-45879
A cross-site scripting XSS vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload...
CVE-2025-4987
A stored Cross-site Scripting XSS vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to stored cross-site scripting XSS. The vulnerability is due to insufficient sanitization and validation of filenames with embedded JavaScript, allows an attacker to execute malicious JavaScript code in the context of other users’ browsers...
CVE-2025-4992
A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-41406
Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...
Cross-Site Scripting (XSS)
dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to uploaded SVG files containing scripts that, when rendered inline. It allows an attacker to execute malicious scripts in the context of the user’s browser...
CVE-2024-51099
A reflected cross-site scripting XSS vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchda...
CVE-2024-44778
A reflected cross-site scripting XSS vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2024-27083
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
CVE-2024-30419
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...
CVE-2024-23782
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
CVE-2024-40111
A persistent stored cross-site scripting XSS vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...