2578 matches found
CVE-2022-31798
Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /cardscan.php?CardFormatNo= XSS with session fixation via PHPSESSID when they are chained together. This would allow an attacker to take over an admin account or a user account...
CVE-2019-20804
Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account...
CVE-2020-7107
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...
CVE-2006-1775
Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...
CVE-2021-33666
When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation...
CVE-2023-29205
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be...
CVE-2021-41249
GraphQL Playground is a GraphQL IDE for development of graphQL focused applications. All versions of graphql-playground-react older than [email protected] are vulnerable to compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names,...
CVE-2022-42967
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution...
CVE-2022-27111
JfinalCMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it...
CVE-2019-12369
The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12766
An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors...
CVE-2025-1434
The Spreadsheet view is vulnerable to a XSS attack, where a remote unauthorised attacker can read a limited amount of values or DoS the affected spreadsheet. Disclosure of secrets or other system settings is not affected as well as other spreadsheets still work as expected...
CVE-2019-16763
In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...
CVE-2025-67734
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...
URL Validation Bypass
validator.js is vulnerable to a URL Validation Bypass. The vulnerability is due to isURL using :// instead of : to parse protocols, allowing attackers to craft URLs that bypass protocol and domain checks and potentially enable XSS or open-redirect attacks...
EUVD-2016-1989
Malware in sbrugna...
EUVD-2020-4771
Malware in sbrugna...
EUVD-2017-8901
Malware in sbrugna...
EUVD-2015-9253
Malware in sbrugna...
EUVD-2018-20706
Malware in sbrugna...