1498 matches found
CVE-2025-63528
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...
Cross-site Scripting (XSS)
Overview tryton-sao is a Tryton webclient Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search completion process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is not properly escaped...
PT-2025-48036
Name of the Vulnerable Software and Affected Versions Dashboards affected versions not specified Description A Stored Cross-Site Scripting issue exists in the Dashboards functionality because of inadequate validation of an input parameter. An authenticated, low-privilege user can create a malicio...
CVE-2025-63645
A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...
CVE-2025-42886 Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector
Due to a Reflected Cross-Site Scripting XSS vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in...
CVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting XSS due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...
CVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting XSS due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...
CVE-2025-33110
CVE-2025-33110 affects IBM OpenPages 9.1 and 9.0 with Watson. The issue is HTML injection in the UI, allowing a remote attacker to inject HTML that runs in the victim’s browser within the hosting site’s security context. IBM’s bulletin confirms affected versions and lists fixes: 9.1.2 for 9.1 and...
PT-2025-45374
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Stored Cross-Site Scripting (XSS)
com.liferay, com.liferay.change.tracking.service is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in the notifications widget’s “Name” text field, which allows an attacker to inject arbitrary web scripts or HTML into a...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
EUVD-2024-55059
Nagios Log Server versions prior to 2024R1 contain a stored cross-site scripting XSS vulnerability where an attacker-supplied username containing JavaScript is stored and later rendered without proper encoding/escaping in admin or user-facing pages. When an authenticated victim loads the affected...
CVE-2024-58272
...
CVE-2025-36121
IBM OpenPages 9.1 and 9.0 is vulnerable to HTML injection. A remotely authenticated attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2025-36121
IBM OpenPages 9.0 and 9.1 are affected by an HTML injection (XSS) vulnerability in a specific URL endpoint. A remotely authenticated attacker could inject malicious HTML that executes in the victim’s browser within the hosting site's security context. CVSS v3.1 base score is 5.4 (medium) with net...
PT-2025-43972
Name of the Vulnerable Software and Affected Versions IBM OpenPages versions 9.0 and 9.1 Description IBM OpenPages versions 9.0 and 9.1 are susceptible to HTML injection. A remotely authenticated attacker can inject malicious HTML code that executes in a victim’s web browser within the security...
EUVD-2025-35655
Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of...
EUVD-2025-34746
Stored cross-site scripting XSS vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allow execution of arbitrary JavaScript in a user’s web browser...
CVE-2025-58115
ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the product...
ChatLuck 跨站脚本漏洞
ChatLuck is an enterprise internal and external communication software from the Japanese company ChatLuck. ChatLuck suffers from a cross-site scripting vulnerability that originates from a cross-site scripting vulnerability in guest user registration, which could lead to the execution of arbitrar...