14005 matches found
CVE-2026-40495
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the hideversionpublic security setting. The FOSSBilling version is embedded in the query string of every...
CVE-2025-14773
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
CVE-2025-14773
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
EUVD-2025-210046
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...
FortiWeb - Cross Site Scripting
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...
Agentejo Cockpit 0.10.2 - Cross-Site Scripting
Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...
EUVD-2026-33929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
EUVD-2026-33910
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
CVE-2025-52759
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...
PT-2026-45716
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...
EUVD-2024-54949
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting XSS. This issue affects MyRezzta: from s2.02.02 before v2.05.01...
EUVD-2024-54947
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akınsoft QR Menü allows Cross-Site Scripting XSS. This issue affects QR Menü: from s1.05.05 before v1.05.12...
CVE-2026-42681
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...
CVE-2026-48865
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
EUVD-2026-33651
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThimPress LearnPress allows Reflected XSS. This issue affects LearnPress: from n/a through 4.3.6...
CVE-2026-42253
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...
PT-2026-45465
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Liquid Web / StellarWP GiveWP allows DOM-Based XSS. This issue affects GiveWP: from n/a through 4.14.5...
PT-2026-45438
Name of the Vulnerable Software and Affected Versions VeronaLabs WP Statistics versions prior to 14.16.6 Description Improper neutralization of input during web page generation allows for DOM-Based Cross-Site Scripting XSS, a flaw where the application contains client-side JavaScript that process...
PT-2026-45439
Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.6 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper...