Lucene search

5 matches found

GithubExploit
added 2026/04/13 3:27 a.m., 68 views

xss_hunter.py

EnterXSS Fuzzer – Automated Cross-Site Scripting Detection...

AI score: 5.8
Exploits: 0
Cvelist
added 2026/04/07 5:57 p.m., 16 views

CVE-2026-39338 ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's...

CVSS: 8.6, EPSS: 0.00054
Exploits: 1, References: 1
Github Security Blog
added 2026/04/01 9:54 p.m., 4 views

CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary: Vulnerability: Stored DOM Blind XSS via Logs Interface Rendering Administrative Context Execution - Stored Cross-Site Scripting Blind XSS via Unsafe Rendering of User-Controlled Logged Data. Description: The application renders user-controlled input unsafely within the logs interface. If an...

CVSS: 9.1, AI score: 6.2, EPSS: 0.00022
Exploits: 1, References: 4, Affected Software: 1
EUVD
added 2026/04/01 9:21 p.m., 2 views

EUVD-2026-18072

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-controlled input unsafely within the logs interface. If any stored XSS payload exists within logged...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00022
Exploits: 1, References: 2
OSV
added 2019/12/18 1:15 p.m., 2 views

CVE-2019-19742

On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field...

CVSS: 4.8, AI score: 5.8, EPSS: 0.03683
Exploits: 3, References: 6