30 matches found
EUVD-2025-35798
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
CVE-2025-61931
CVE-2025-61931 describes a stored cross-site scripting vulnerability in Pleasanter, affecting the Body, Description and Comments fields. The vulnerability allows an attacker to execute arbitrary JavaScript in a logged-in user’s browser. Multiple connected sources (including JVNDB and Red Hat/NVD ...
CVE-2025-61931
Pleasanter contains a stored cross-site scripting vulnerability in Body, Description and Comments, which allows an attacker to execute an arbitrary script in a logged-in user's web browser...
PT-2025-43580
Name of the Vulnerable Software and Affected Versions: Pleasanter (affected versions not specified). Description: Pleasanter contains a stored cross-site scripting issue in the Body, Description, and Comments fields. This allows an attacker to execute an arbitrary script within the web browser of a...
EUVD-2006-0600
Malware in sbrugna...
EUVD-2006-2233
Malware in sbrugna...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
CVE-2022-46058
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-22791
SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...
CVE-2019-25011
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments...
CVE-2018-16622
Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
CVE-2023-22985
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting XSS via Name, Referrer, Location, and Comments...
Cross site scripting
AeroCMS v0.0.1 was discovered to contain a cross-site scripting XSS vulnerability via addpost.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
AeroCMS cross-site scripting vulnerability
AeroCMS is a content management system from the American company AeroCMS. AeroCMS version v0.0.1 contains a security vulnerability that originates from the inclusion of cross-site scripting XSS via addpost.php, which allows an attacker to execute arbitrary web script or HTML via a crafted payload...
PT-2022-27723 · Aerocms · Aerocms
Name of the Vulnerable Software and Affected Versions: AeroCMS version 0.0.1 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field in the add post.php file. This enables the execution of malicious code,...
Saibamen HotelManager cross-site scripting vulnerability
Saibamen HotelManager is a web application for managing hotels written in Laravel by the individual developer Saibamen. A security vulnerability exists in Saibamen HotelManager v1.2, which stems from improper sanitization of its comment and contact fields, allowing an attacker to implement...
CVE-2022-27063
AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting XSS vulnerability via viewallcomments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field...
CVE-2022-22791
SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...
CVE-2022-22791 SYNEL - eharmony Authenticated Blind & Stored XSS
SYNEL - eharmony Authenticated Blind & Stored XSS. Inject JS code into the "comments" field could lead to potential stealing of cookies, loading of HTML tags and JS code onto the system...