
241 matches found

NVD
added 2023/05/26 5:15 p.m. | 13 views

CVE-2023-33780

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article...

CVSS 5.4 | AI score 5.3 | EPSS 0.00548
Exploits 1 | References 1

CNVD
added 2023/05/19 12:0 a.m. | 7 views

phpMyFAQ cross-site scripting vulnerability (CNVD-2023-39428)

phpMyFAQ is a multi-language, fully database-driven FAQ system. A cross-site scripting vulnerability exists in versions prior to phpMyFAQ 3.2.0-beta. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacke...

CVSS 7.2 | AI score 6 | EPSS 0.0052
Exploits 1 | References 1

Vulnrichment
added 2023/05/09 12:0 a.m. | 7 views

CVE-2023-30057

Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

AI score 5.4 | EPSS 0.00486
Exploits 2 | References 3

CNVD
added 2023/05/04 12:0 a.m. | 6 views

CLTPHP Cross-Site Scripting Vulnerability

CLTPHP is an open source and efficient site-building PHP content management system. A cross-site scripting vulnerability exists in CLTPHP version 6.0 and earlier. The vulnerability stems from the file Changyan.php lacking effective filtering and escaping of user-supplied data; an attacker ca...

CVSS 6.1 | AI score 6.6 | EPSS 0.00234
Exploits 0 | References 1

Vulnrichment
added 2023/05/04 12:0 a.m. | 8 views

CVE-2023-30094

A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...

AI score 5.2 | EPSS 0.00839
Exploits 1 | References 3

CNVD
added 2023/04/24 12:0 a.m. | 8 views

AeroCMS Cross-Site Scripting Vulnerability (CNVD-2023-32025)

AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 suffers from a cross-site scripting vulnerability that stems from the commentauthor and commentcontent parameters of /post.php failing to properly validate user input. An attacker can exploit this...

CVSS 5.4 | AI score 6.2 | EPSS 0.00198
Exploits 1 | References 1

CNVD
added 2023/04/23 12:0 a.m. | 11 views

Checkmk Cross-Site Scripting Vulnerability (CNVD-2023-32769)

Checkmk is an editor. A cross-site scripting vulnerability exists in Checkmk Appliance versions prior to 1.6.4, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML by injecti...

CVSS 6.1 | AI score 6.2 | EPSS 0.00542
Exploits 0 | References 1

CVE
added 2023/02/10 12:0 a.m. | 43 views

CVE-2023-24234

CVE-2023-24234 affects Inventory Management System v1, specifically the php-inventory-management-system/brand.php component. The vulnerability is a stored XSS that allows an attacker to inject arbitrary web scripts or HTML via the Brand Name parameter. Reported impact is execution of scripts with...

CVSS 4.8 | AI score 4.9 | EPSS 0.00352
Exploits 0 | References 2 | Affected Software 1

CVE
added 2023/01/25 12:0 a.m. | 44 views

CVE-2022-46624

CVE-2022-46624 affects Online Graduate Tracer System v1.0.0 and is described as a cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary web scripts or HTML through a crafted payload injected into the name parameter. Connected sources corroborate that the affected v...

CVSS 6.1 | AI score 5.8 | EPSS 0.00234
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/12/15 12:0 a.m. | 50 views

CVE-2022-45033

CVE-2022-45033 refers to an XSS vulnerability in Expense Tracker 1.0 that enables an attacker to inject and execute arbitrary web scripts or HTML via the Chat text field. The root cause is improper input sanitization in the Chat field, enabling script execution in the victim’s browser. Affected s...

CVSS 5.4 | AI score 5.3 | EPSS 0.00224
Exploits 1 | References 1 | Affected Software 1

Vulnrichment
added 2022/12/13 12:0 a.m. | 7 views

CVE-2022-45028

A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha...

AI score 5.9 | EPSS 0.00356
Exploits 1 | References 2

NVD
added 2022/12/05 11:15 p.m. | 12 views

CVE-2022-45769

A cross-site scripting (XSS) vulnerability in ClicShoppingV3 v3.402 allows attackers to execute arbitrary web scripts or HTML via a crafted URL parameter...

CVSS 6.1 | EPSS 0.00356
Exploits 1 | References 1

Vulnrichment
added 2022/10/28 12:0 a.m. | 5 views

CVE-2022-43170

A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature index.php?module=dashboardconfigure/index of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking "Ad...

AI score 5.2 | EPSS 0.05444
Exploits 1 | References 1

NVD
added 2022/10/27 6:15 p.m. | 14 views

CVE-2022-42054

Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

CVSS 5.4 | EPSS 0.00323
Exploits 1 | References 1

CVE
added 2022/10/03 3:31 p.m. | 76 views

CVE-2022-42247

pfSense v2.5.2 contains a cross-site scripting (XSS) vulnerability in the browser.php component, allowing arbitrary web scripts or HTML to be executed via a crafted payload injected into a file name. The issue is documented in several sources (e.g., NVD, Red Hat, OSV, CVE lists). Connected docume...

CVSS 6.1 | AI score 5.9 | EPSS 0.00517
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2022/09/08 6:15 p.m. | 2 views

CVE-2022-38256

TastyIgniter v3.5.0 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 | AI score 5.9 | EPSS 0.00421
Exploits 0 | References 2

CNNVD
added 2022/07/13 12:0 a.m. | 2 views

Enhancesoft osTicket Cross-Site Scripting Vulnerability

Enhancesoft osTicket is an open source ticketing system from Enhancesoft, Inc. in the United States. A security vulnerability exists in Enhancesoft osTicket, which stems from its component audit/class.audit.php that allows attackers to execute arbitrary web script or HTML via a crafted SVG file...

CVSS 5.4 | AI score 6.2 | EPSS 0.00975
Exploits 0 | References 4

ATTACKERKB
added 2022/06/23 5:15 p.m. | 0 views

CVE-2022-33113

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...

CVSS 5.4 | AI score 6 | EPSS 0.00191
Exploits 1 | References 2

Cvelist
added 2022/06/23 12:44 p.m. | 16 views

CVE-2022-33113

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module...

AI score 6 | EPSS 0.00191
Exploits 1 | References 1

CVE
added 2022/06/23 12:44 p.m. | 88 views

CVE-2022-33113

CVE-2022-33113 affects Jfinal CMS v5.1.0. A cross-site scripting vulnerability allows an attacker to inject and trigger arbitrary JavaScript via a crafted payload in the keyword field of the Publish Blog module. The issue is documented across multiple feeds (including Red Hat, Veracode, CNVD and ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00191
Exploits 1 | References 1 | Affected Software 1