33 matches found
CVE-2026-9148 Comments <= 7.6.56 - Unauthenticated Stored Cross-Site Scripting via 'Website' Field
The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...
CVE-2026-9148
The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...
CVE-2025-61931
CVE-2025-61931 describes a stored cross-site scripting vulnerability in Pleasanter, affecting the Body, Description and Comments fields. The vulnerability allows an attacker to execute arbitrary JavaScript in a logged-in user’s browser. Multiple connected sources (including JVNDB and Red Hat/NVD ...
CVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
EUVD-2025-35798
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
PT-2025-43580
Name of the Vulnerable Software and Affected Versions Pleasanter affected versions not specified Description Pleasanter contains a stored cross-site scripting issue in the Body, Description, and Comments fields. This allows an attacker to execute an arbitrary script within the web browser of a...
EUVD-2006-2233
Malware in sbrugna...
EUVD-2006-0600
Malware in sbrugna...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-22791
SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...
CVE-2019-25011
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments...
CVE-2018-16622
Multiple cross-site scripting XSS vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the 1 discription or 2 comments field, related to users/userAddContent...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
Cross site scripting
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
PT-2022-27723 · Aerocms · Aerocms
Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field in the add post.php file. This enables the execution of malicious code,...
AeroCMS 跨站脚本漏洞
AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 contains a security vulnerability that originates from the inclusion of cross-site scripting XSS via addpost.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload...
Saibamen HotelManager 跨站脚本漏洞
Saibamen HotelManager is a web application for managing hotels written in Laravel by the individual developer Saibamen. A security vulnerability exists in Saibamen HotelManager v1.2, which stems from improper sanitization of its comment and contact fields, allowing an attacker to implement...
CVE-2022-27063
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via viewallcomments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...