
18 matches found

RedhatCVE
added 2025/05/23 9:41 a.m., 5 views

CVE-2024-25434

A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter...

CVSS 5.4, AI score 5.8, EPSS 0.00156
Exploits: 1, References: 1

RedhatCVE
added 2025/03/05 1:4 a.m., 21 views

CVE-2025-27585

A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update...

CVSS 5.4, AI score 5.3, EPSS 0.00105
Exploits: 0, References: 1

CVE
added 2025/01/14 12:0 a.m., 58 views

CVE-2025-22997

The CVE-2025-22997 entry concerns a stored XSS in Linksys E5600 Router (up to version 1.1.0.26) via the PRF_Table_content component, where a crafted payload in the desc parameter can execute arbitrary scripts. Affected product: Linksys E5600 Router (firmware 1.1.0.26 and earlier). Root cause: lac...

CVSS 4.8, AI score 5.4, EPSS 0.00228
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2024/07/09 6:15 p.m., 7 views

CVE-2024-40739

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...

CVSS 6.1, AI score 5.7
Exploits: 0, References: 1

CNVD
added 2024/05/30 12:0 a.m., 7 views

JFinalCMS Cross-Site Scripting Vulnerability (CNVD-2024-26516)

JFinalCMS is a content management system. JFinalCMS 20221020 and earlier versions contain a cross-site scripting vulnerability, which stems from a lack of effective filtering and escaping of user-supplied data in the Title parameter of /admin/content; an attacker can use this vulnerability...

CVSS 5.4, AI score 6.6, EPSS 0.0079
Exploits: 1, References: 1

CVE
added 2024/04/17 12:0 a.m., 57 views

CVE-2024-32337

WonderCMS v3.4.3 is affected by a cross-site scripting (XSS) vulnerability in the Settings section, allowing an attacker to inject arbitrary script or HTML via a crafted payload in the ADMIN LOGIN URL parameter under the Security module. The CVE is CVE-2024-32337. Affected component: Settings → S...

CVSS 6.1, AI score 5.8, EPSS 0.00152
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2024/04/15 10:15 p.m., 8 views

CVE-2024-31651

A cross-site scripting (XSS) vulnerability in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...

CVSS 6.1, AI score 5.8, EPSS 0.00152
Exploits: 1, References: 1

Cvelist
added 2024/02/14 12:0 a.m., 15 views

CVE-2024-25221

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php...

AI score 6, EPSS 0.00258
Exploits: 1, References: 1

Prion
added 2023/07/06 3:15 p.m., 17 views

Cross site scripting

A stored cross-site scripting (XSS) vulnerability in the Basic Website Information module of eyoucms v1.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 4.9, AI score 5.2, EPSS 0.00104
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2023/05/26 5:15 p.m., 13 views

CVE-2023-33780

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article...

CVSS 5.4, AI score 5.3, EPSS 0.00548
Exploits: 1, References: 1

Cvelist
added 2021/11/22 10:20 p.m., 14 views

CVE-2020-22719

Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field...

AI score 5.3, EPSS 0.00206
Exploits: 0, References: 1

NVD
added 2021/11/03 6:15 p.m., 9 views

CVE-2020-18259

ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...

CVSS 6.1, EPSS 0.00223
Exploits: 1, References: 1

NVD
added 2021/09/27 10:15 p.m., 12 views

CVE-2020-20691

An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files...

CVSS 6.5, EPSS 0.0023
Exploits: 1, References: 1

CNVD
added 2021/08/12 12:0 a.m., 27 views

EyouCms Cross-Site Scripting Vulnerability

EyouCms is a ThinkPHP-based open source content management system (CMS) from Hainan Zanzan Network Technology Co. An attacker can use the vulnerability to execute arbitrary web scripts or HTML...

CVSS 5.4, AI score 1.2, EPSS 0.0039
Exploits: 1, References: 1

OSV
added 2021/07/01 9:15 p.m., 11 views

CVE-2020-23209

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "List Description" field under the "Edit A List" module...

CVSS 5.4, AI score 5.5
Exploits: 0, References: 1

Prion
added 2021/07/01 9:15 p.m., 9 views

Cross site scripting

A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Edit Values" field under the "Configure Attributes" module...

CVSS 3.5, AI score 5.3, EPSS 0.00261
Exploits: 1, References: 1, Affected Software: 1

Tenable Nessus
added 2006/10/14 12:0 a.m., 24 views

Debian DSA-1133-1 : mantis - missing input sanitising

Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-0664 A cross-site scripting vulnerability was discovered ...

CVSS 10, AI score 5.5, EPSS 0.10749
Exploits: 2, References: 11

Cvelist
added 2004/07/13 4:0 a.m., 13 views

CVE-2004-0675

Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...

AI score 6.2, EPSS 0.04081
Exploits: 1, References: 4