40 matches found
CVE-2025-52470
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
Chamilo Cross-Site Scripting Vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the category name field in the file sessioncategoryadd.php, which could allow privileged...
CVE-2020-36954
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...
CVE-2020-36954 Xeroneit Library Management System 3.1 - "Add Book Category" Stored XSS
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...
PT-2026-4778
Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload in the Category Name field to execute arbitrary JavaScript code when the page is loaded...
CVE-2025-12045 Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy
The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and tag 'name' parameters in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output...
EUVD-2007-2230
Malware in sbrugna...
EUVD-2018-12589
Malware in sbrugna...
EUVD-2025-24017
Malicious code in bioql PyPI...
CVE-2025-8740
A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting. It is possible to...
MainWP: Reflected XSS in "Create Category" Functionality of Post Creation Module
A reflected Cross-Site Scripting (XSS) vulnerability was identified in the "Create Category" feature of the post creation functionality. When a user entered a malicious JavaScript payload in the Category Name field, the input was reflected and executed immediately after submission. However, this XS...
CVE-2025-25461
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server an...
PT-2025-9108 · Seeddms · Seeddms
Name of the Vulnerable Software and Affected Versions: SeedDMS version 6.0.29. Description: A Stored Cross-Site Scripting (XSS) vulnerability exists. A user or rogue administrator with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is...
PT-2025-3871 · Starsea99 · Starsea99 Starsea-Mall
Name of the Vulnerable Software and Affected Versions: StarSea99 starsea-mall version 1.0. Description: A cross-site scripting issue affects the processing of the file "/admin/categories/update", where the manipulation of the categoryName argument leads to cross-site scripting. The attack may be...
WordPress Featured product by category name Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: Featured product by category name; Type: Plugin; Vulnerable versions: = 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51911; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: b5ac12bf6fc4; Credits: SOPROBRO; Required...
CVE-2020-22540
Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component...
PT-2024-10786 · Codoforum · Codoforum
Name of the Vulnerable Software and Affected Versions: Codoforum version 4.9. Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability, which allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the Category name component...
Stock Management System Cross-Site Scripting Vulnerability
Sourcecodester Stock Management System is an inventory management system. A cross-site scripting vulnerability exists in CodeAstro Stock Management System version 1.0, which originates from /index.php in the component Add Category Handler, which contains unknown processing that leads to cross-sit...
Ultimate Product Catalog < 5.2.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to the plugin setup page. 2. Go to the...
XSS stored in Category name
Description: If a user injects an XSS payload inside a category name, all users that visit the index page will execute the corresponding XSS payload. Proof of Concept: Add a malicious category. XSS is executed...