2049 matches found
CVE-2023-53925
UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...
Cross-site Scripting (XSS)
Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the function handler in the Vega AST evaluator. An attacker can execute arbitrary scripts in the...
PT-2025-52303
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...
CVE-2023-53887
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser...
CVE-2023-36337
A reflected cross-site scripting XSS vulnerability in the component /index.php/cuzh4 of PHP Inventory Management System 1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
EUVD-2025-203027
Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
MailEnable AddressesTo Parameter Cross-Site Scripting Vulnerability
MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...
PT-2025-50873
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user...
Coohom SaaS Platform 安全漏洞
Coohom SaaS Platform is a cloud-based integration platform from Coohom Inc. in the United States. A security vulnerability exists in Coohom SaaS Platform that originates from stored cross-site scripting and could lead to session hijacking or arbitrary script execution...
Selea Targa IP OCR-ANPR Camera 跨站脚本漏洞
Selea Targa IP OCR-ANPR Camera is an IP camera from Selea. A cross-site scripting vulnerability exists in the Selea Targa IP OCR-ANPR Camera that stems from a stored cross-site scripting issue with the fileslist parameter, which could lead to the execution of arbitrary script...
Grav Cross-Site Scripting Vulnerability
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30345)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30346)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30347)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav Cross-Site Scripting Vulnerability (CNVD-2025-30348)
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav 跨站脚本漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav 跨站脚本漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Grav 跨站脚本漏洞
Grav is an extensible CMS Content Management System for personal blogs, small content publishing platforms and one-page product presentations. Grav suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML by injecting a crafted...
Drupal 安全漏洞
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal that stems from a cross-site scripting vulnerability in the filename renderer that could lead to the execution of arbitrary script...
CVE-2025-64730
Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product...