3296 matches found
CVE-2023-40684
IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2022-23494
tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...
CVE-2021-22261
A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's...
PT-2026-1899
Name of the Vulnerable Software and Affected Versions ThemeGoods Grand Restaurant versions prior to 7.0.9 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows an attacker...
CVE-2026-21855
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting XSS vulnerability in the toast notification system allows any attacker to execute arbitrary JavaScript in the context of a victim's browser session by crafting a malicious...
CVE-2025-15479
Stored cross-site scripting XSS, CWE-79 in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms on Windows and Linux servers allows authenticated remote users with survey creation or edit privileges to execute...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the...
Cross-site Scripting (XSS)
Overview vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the internal modify function used by setdata. An attacker can execute arbitrary JavaScript in the context of the application by supplyin...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-selections is a Vega expression functions for Vega-Lite selections. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the vlSelectionTuples processing. An attacker can execute arbitrary JavaScript code in the application's context by...
CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...
CVE-2025-65110
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...
CVE-2025-69210
FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.7, a stored cross-site scripting XSS vulnerability exists in the product file upload functionality. Authenticated users can upload crafted XML files containing executable JavaScript. These...
n8n 跨站脚本漏洞
n8n is a scalable workflow automation tool from n8n open source. A cross-site scripting vulnerability exists in versions prior to n8n 1.114.0 that stems from the Respond to Webhook node not being properly sandboxed when processing HTML content, which could lead to an attacker with workflow creati...
EUVD-2023-60238
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title...
CVE-2025-66500
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66500
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66500
CVE-2025-66500 describes a stored XSS in Foxit’s webplugins.foxit.com where a postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, enabling arbitrary JavaScript execution when a crafted postMessage is received. The description is consisten...
CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
CVE-2025-66500 Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...
PT-2025-52428
A stored cross-site scripting XSS vulnerability exists in webplugins.foxit.com. A postMessage handler fails to validate the message origin and directly assigns externalPath to a script source, allowing an attacker to execute arbitrary JavaScript when a crafted postMessage is received...