PT-2026-40599
Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another administrative user's web browser...
CVE-2018-19223
An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI...
Cross-site Scripting (XSS)
Overview Kentico.Xperience.AspNet.Mvc5.Libraries is a set of assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. It does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...
EUVD-2009-2367
Malware in sbrugna...
EUVD-2024-0690
Malicious code in bioql PyPI...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
alf.io security vulnerability
Alf.io is a free and open source event attendance management system from Alf.io Open Source. A security vulnerability exists in versions prior to alf.io 2.0-M5 that stems from preloaded json data that is not properly escaped, which could result in an administrator or event administrator inserting...
CVE-2024-6521 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.19 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via dropdown fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it...
c-ares: Buffer Underwrite in ares_inet_net_pton()
A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which woul...
CVE-2019-5323
There are command injection vulnerabilities present in the AirWave application. Certain input fields controlled by an administrative user are not properly sanitized before being parsed by AirWave. If conditions are met, an attacker can obtain command execution on the host...
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance webTA affects 3.8.x and later 3.x versions before 4.0 via multiple input fields Login Message, Banner Message, and Password Instructions of the com.threeis.webta.H261configMenu servlet via an authenticated administrator...
Arbitrary File Download and Code Execution Vulnerability in Mycncartt v2.0.0.3
MyCnCart (MCC for short) is a free, open source B2C, B2B e-commerce platform system developed for the Chinese mainland market. Mycncartt v2.0.0.3 suffers from an arbitrary file download and code execution vulnerability, as the program does not make reasonable judgments and filters on the download...
Cross site scripting
The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before 6.3 does not "prevent use of the object HTML tag in administrator input," which has unknown impact and attack vectors, probably related to an insufficient cross-site scripting (XSS) protection mechanism...
CVE-2008-3219
The vulnerability CVE-2008-3219 affects Drupal: the filter_xss_admin function in Drupal 5.x before 5.8 and 6.x before 6.3 does not prevent use of the object HTML tag in administrator input. Impact is not clearly defined in the provided documents, with unknown potential attack vectors and an indic...