CVE-2020-23617

A cross site scripting XSS vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element...

Cross-Site Scripting (XSS)

shopware/shopware is vulnerable to non-stored cross-site scripting. The vulnerability exists in storefront because the input parameters are not properly filtered which allows an attacker to inject and execute arbitrary scripts via url...

Cross-Site Scripting (XSS)

facturascripts/facturascripts is vulnerable to stored cross-site scripting. The vulnerability exists in EditPageOption.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...

Cross-site Scripting (XSS)

antisamy is vulnerable to cross-site scripting. The vulnerability exists in the processStyleTag function in AntiSamyDOMScanner.java due to lack of input sanitization which allows an attacker to inject and execute arbitrary scripts...

CVE-2022-27961

A cross-site scripting XSS vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box...

Zero-channel BBS Plus 跨站脚本漏洞

Zero-channel BBS Plus is a bulletin board CGI script by the individual developer of Zero-Channel BBS Plus Developers. Zero-channel BBS Plus suffers from a cross-site scripting vulnerability that stems from insufficient cleaning of user-supplied data. A remote attacker could use this vulnerability...

Cross-Site Scripting (XSS)

nilsteampassnet/teampass is vulnerable to reflected cross-site scripting. The vulnerability exists in index.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...

CVE-2022-25575

Multiple cross-site scripting XSS vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes...

MarkText Cross-Site Scripting Vulnerability

MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...

CVE-2022-24590

A stored cross-site scripting XSS vulnerability in the Add Link function of BackdropCMS v1.21.1 allows attackers to execute arbitrary web scripts or HTML...

CVE-2022-24586

A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to stored cross-site scripting. The vulnerability exists due to improper sanitization of the name field in embedcode.tpl.php which allows an attacker to steal user cookies and execute arbitrary scripts...

Cross-site Scripting (XSS)

remdex/livehelperchat is vulnerable to stored cross-site scripting. The vulnerability exists in msgobjlist.tpl.php which allows an attacker to inject and execute arbitrary scripts, which gets executed by browser viewing...

CVE-2022-22114

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

Cross site scripting

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting XSS. The “search term" search functionality is not sufficiently sanitized while displaying the results of the search, which can be leveraged to inject arbitrary scripts. These scripts are executed in a victim’s...

elecom lan routers cross-site scripting vulnerability

elecom lan routers is a router from Elecom Japan. elecom lan routers is vulnerable to cross-site scripting, which can be exploited to inject arbitrary scripts via unspecified vectors...

elecom lan 跨站脚本漏洞

elecom lan routers is a router from Elecom Japan. elecom lan routers is vulnerable to cross-site scripting, which can be exploited to inject arbitrary scripts via unspecified vectors...

CVE-2021-37999

Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page...

Schneider Electric Nmc Embedded Devices 跨站脚本漏洞

The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...

Microsoft Edge (Chromium) < 95.0.1020.40 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 95.0.1020.40. It is, therefore, affected by multiple vulnerabilities as referenced in the October 29, 2021 advisory. - Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker...