44 matches found
CVE-2023-40068
Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative...
CVE-2025-59158 Coolify has Stored XSS in Project Name
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Coolify versions prior to and including v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting XSS attack in the project creation workflow. An authenticated user with low privileges e.g....
CVE-2025-69210
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting XSS vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
EUVD-2020-21525
Malware in sbrugna...
EUVD-2025-21699
Malicious code in bioql PyPI...
CVE-2025-34157
CVE-2025-34157 concerns Coolify. A stored XSS in the project-creation workflow affects versions prior to 4.0.0-beta.420.6. An authenticated user with low privileges can craft a project name containing JavaScript, which when an administrator deletes the project executes in the admin context, enabl...
CVE-2025-53923
Emlog is an open source website building system. A cross-site scripting XSS vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keywor...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the displayablelinksjs function. An attacker can execute arbitrary JavaScript code in the context of another authenticated admin user's browser by creating a blog post with a crafted title and tricking the...
CVE-2021-20717
Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser...
PT-2025-3005 · Nradio · Nradio N8-180 Nros
Name of the Vulnerable Software and Affected Versions: NRadio N8-180 NROS version 1.9.2.n3.c5 Description: An issue was discovered in NRadio devices, where the "/cgi-bin/luci/nradio/basic/radio" endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters. This allows an attacker to...
CVE-2024-41914
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...
CVE-2023-6790
A DOM-Based cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when they view a specifically crafted link to the PAN-OS web interface...
CVE-2023-37425
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary...
CVE-2023-37423
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute...
PT-2023-14235 · Aruba · Aruba Edgeconnect Enterprise Orchestrator
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Orchestrator versions 9.2.1.40179 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.1.4.40436 and below Aruba EdgeConnect Enterprise Orchestrator versions 9.0.7.40110 and below Aruba EdgeConnect...
PT-2021-22017 · Apache · Apache Couchdb
Name of the Vulnerable Software and Affected Versions: Apache CouchDB versions prior to 3.1.2 Description: A malicious user with permission to create documents in a database can attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, any JavaScript code...
MagazinegerZ vulnerable to cross-site scripting
Overview MagazinegerZ provided by CGI Script Market is a CGI script which provides a function to enable email newsletter distribution for a website. MagazinegerZ contains a stored cross-site scripting vulnerability CWE-79 which allows unintentional script execution on the web browser of the...
CVE-2019-13080
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability via an SVG image and HTML file that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser...
CVE-2018-0666
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
Palo Alto Traps Server 3.1.2.1546 - Persistent XSS Vulnerability
Exploit for windows platform in category web applications !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested Version:...