CVE-2010-0726

Cross-site scripting XSS vulnerability in the tb-send.rb TrackBack transmission plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the 1 plugintburl and 2 plugintbexcerpt parameters...

CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability exists which could cause arbritrary script execution when a malicious file is read and displayed. Affected Products: 1-Phase Uninterruptible Power Supply UPS using NMC2 including Smart-UPS,...

CVE-2007-4913

ipskernel/classupload.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to upload arbitrary script files with crafted image filenames to uploads/, where they are saved with a .txt extension and are not executable. NOTE: there are limited usage scenarios unde...

CVE-2022-38291

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting XSS vulnerability via the Search function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search bar...

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...

CVE-2022-33005

A cross-site scripting XSS vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field...

CVE-2022-42247

pfSense v2.5.2 was discovered to contain a cross-site scripting XSS vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name...

CVE-2022-31300

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

CVE-2022-31298

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...

CVE-2022-31400

A cross-site scripting XSS vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...

CVE-2022-35174

A stored cross-site scripting XSS vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field...

CVE-2011-0526

Cross-site scripting XSS vulnerability in index.php in Vanilla Forums before 2.0.17 allows remote attackers to inject arbitrary web script or HTML via the Target parameter in a /entry/signin action...

CVE-2011-0459

Cross-site scripting XSS vulnerability in Cyber-Ark Password Vault Web Access PVWA 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-0457

Cross-site scripting XSS vulnerability in e107 0.7.22 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2020-10476

Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

CVE-2024-34231

A cross-site scripting XSS vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter...

CVE-2024-41453

A cross-site scripting XSS vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...

CVE-2024-41447

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVE-2024-39203

A cross-site scripting XSS vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVE-2024-39242

A cross-site scripting XSS vulnerability in skycaiji v2.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload using evalString.fromCharCode...