CVE-2025-51534

A cross-site scripting XSS vulnerability in Austrian Archaeological Institute AI OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field...

CVE-2025-41391

Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser...

PT-2025-31484 · Powercms · Powercms

Name of the Vulnerable Software and Affected Versions: PowerCMS affected versions not specified Description: A stored cross-site scripting issue exists in PowerCMS. Accessing a malicious page could allow for the execution of arbitrary scripts in the user's browser. Recommendations: At the moment,...

WordPress Shortcodes Ultimate plugin cross-site scripting vulnerability

WordPress Shortcodes Ultimate plugin is a plugin for WordPress that provides a rich set of visual component features that allow users to insert a wide range of pre-defined shortcodes such as buttons, accordions, image rotations, etc. into post editors, text widgets, or template files, helping to...

CVE-2025-51401

A stored cross-site scripting XSS vulnerability in the chat transfer function of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the operator name parameter...

CVE-2025-41439

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...

SLNX Help Documentation of RICOH Streamline NX vulnerable to reflected cross-site scripting

Overview SLNX Help Documentation of RICOH Streamline NX provided by Ricoh Company, Ltd. contains a reflected cross-site scripting vulnerability. Reflected cross-site scripting via a specific parameter CWE-79 - CVE-2025-41439 Matteo Santini reported this vulnerability to Ricoh Company, Ltd. direct...

PT-2025-27431 · Ricoh · Ricoh Streamline Nx

Name of the Vulnerable Software and Affected Versions: RICOH Streamline NX affected versions not specified Description: A reflected cross-site scripting issue exists due to a specific parameter in the SLNX Help Documentation of RICOH Streamline NX. If exploited, this could allow the execution of ...

CVE-2025-45661

A cross-site scripting XSS vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php...

CVE-2025-45661

A cross-site scripting XSS vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at /members/edit.php...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the addPortlet.polyfill.js process. An attacker can execute arbitrary HTML or JavaScript code in the context of a user's browser by editing preference menu heading messages that are rendered without proper...

MailEnable failure.aspx component cross-site scripting vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

CVE-2025-41406

CVE-2025-41406 affects wivia 5 all versions. Connected sources confirm a Cross-site Scripting (CWE-79) flaw where, when a user connects to the affected device with a specific operation, an arbitrary script can execute in the moderator’s web browser. No explicit exploit details are provided in the...

CVE-2025-20168

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...

CVE-2024-26019

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in submit processing. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product...

CVE-2024-23604

Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters...

CVE-2024-23181

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated...

CVE-2024-31395

Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.12, Ver.3.0.x series versions prior to Ver.3.0.32, Ver.2.11.x series versions prior to Ver.2.11.61, Ver.2.10.x series versions prior to Ver.2.10.53, and Ver.2.9 and earlier versions. If this...

CVE-2024-23183

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated...