31 matches found
Cross-site Scripting (XSS)
Overview: tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with nested SVG...
WSO2 Multiple Products Injection Vulnerability
WSO2 API Manager, among others, are products of the American company WSO2. The WSO2 API Manager is a suite of API lifecycle management solutions. The WSO2 API Control Plane is a control panel. The WSO2 Traffic Manager is a component designed to regulate and manage API traffic. Several WSO2 produc...
CVE-2026-3317 Reflected Cross-Site Scripting in Navigate CMS application
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...
CVE-2025-55249
HCL AION is affected by a Missing Security Response Headers vulnerability. The absence of standard security headers may weaken the application’s overall security posture and increase its susceptibility to common web-based attacks...
CVE-2025-60043
The CVE-2025-60043 entry concerns the WordPress Wanderic theme (
XWiki Platform Security Vulnerability
XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform that stems from vulnerability to reflective cross-site scripting attacks...
EUVD-2025-199674
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
EUVD-2025-33889
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site...
EUVD-2004-2429
Malware in sbrugna...
EUVD-2012-2356
Malware in sbrugna...
EUVD-2014-2318
Malware in sbrugna...
EUVD-2023-53200
Malicious code in bioql PyPI...
CVE-2025-4760
CVE-2025-4760 is an authenticated stored XSS vulnerability in multiple WSO2 products, arising from improper validation of user-supplied input during API document upload in the Publisher portal. A user with publisher privileges can upload a crafted API document containing malicious JavaScript that...
CVE-2025-57986
CVE-2025-57986 corresponds to a Stored XSS in the WordPress plugin WP Subtitle. The vulnerability is described as Improper Neutralization of Input During Web Page Generation (XSS) affecting WP Subtitle versions from 0 through 3.4.1. The CVE details provided show a CVSS v3.1 base score of 6.5 with...
CVE-2025-53838
LinkAce (prior to 2.1.9) is affected by a stored XSS vulnerability due to insufficient filtering/escaping of user-supplied data in link attributes. An attacker can save malicious JavaScript in the database, which executes in a user’s browser when a crafted link is clicked (one-click XSS). The iss...
Exploit for CVE-2025-60739
ilevia-EVE-X1-Server-CSRF ilevia EVE X1 Server /bhwebbackend...
PT-2024-20859 · Unknown · 3Dsecure 2.0
Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 version 3DS Authorization Method. Description: The issue concerns multiple reflected Cross-Site Scripting (XSS) vulnerabilities in the 3DS Authorization Method of 3DSecure 2.0. This vulnerability allows reflected XSS via the...
CVE-2024-36164
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...