CVE-2026-32403

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Companion: from n/a through = 1.194...

CVE-2025-70038

CVE-2025-70038 affects linagora Twake v2023.Q1.1223. The issue is CWE-79 (Improper Neutralization of Input During Web Page Generation) enabling arbitrary code execution. Reported across multiple feeds (Red Hat, NVD, CIRCL, ENISA EUVD) with CVSSv3.1 base score 8.8 ( HIGH; AV:N/AC:L/PR:N/UI:R/S:U/C...

CVE-2026-1819

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS.This issue affects ViPort: through 23012026...

CVE-2025-2406

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting XSS.This issue affects Trizbi: before 2.144.4...

EUVD-2025-36020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webnique USERCENTRICS CMP usercentrics-consent-management-platform allows Stored XSS.This issue affects USERCENTRICS CMP: from n/a through = 1.0.9...

EUVD-2025-24724

Malicious code in bioql PyPI...

EUVD-2025-27401

Malicious code in bioql PyPI...

EUVD-2025-27548

Malicious code in bioql PyPI...

CVE-2025-58028

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aum Watcharapon Designil PDPA Thailand pdpa-thailand allows Stored XSS.This issue affects Designil PDPA Thailand: from n/a through = 2.0.1...

CVE-2025-49392

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through = 2.0.5...

PT-2025-33944 · Brewlabs · Sensorpress

Name of the Vulnerable Software and Affected Versions: brewlabs SensorPress versions through 1.0 Description: Improper neutralization of input during web page generation allows for stored cross-site scripting XSS. Recommendations: At the moment, there is no information about a newer version that...

CVE-2024-51798

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Surbma Surbma | Font Awesome surbma-font-awesome allows DOM-Based XSS.This issue affects Surbma | Font Awesome: from n/a through = 3.0...

CVE-2018-25090 Wago: Improper Neutralization of Input During Web Page Generation in multiple devices

An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability...

GHSA-PGXV-H967-FW2Q Improper Neutralization of Input During Web Page Generation in Jenkins

A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other us...

FortiWeb - Reflected cross-site scripting in error controllers

Multiple improper neutralization of input during web page generation 'Cross-site Scripting' CWE-79 in FortiWeb may allow an unauthenticated user to inject malicious javascript code into the response webpage via crafted requests to device's error handlers...

[SECURITY] Fedora 11 Update: php-5.2.13-1.fc11

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...