78 matches found
EUVD-2026-33055
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...
CVE-2026-48999 Stored Cross-Site Scripting (XSS) vulnerability in ZTE ZXUniPOS NDS-LTE product
Attackers carefully craft malicious scripts, such as JavaScript, and inject them into target systems; when other users access pages containing such malicious content, the scripts are automatically loaded and executed in the victim's browser.Attackers can thereby steal user cookies, hijack session...
CVE-2026-41147
NukeViet CMS is a multi Content Management System. Versions 4.5.07 and prior contain a Stored Cross-Site Scripting XSS vulnerability caused by insufficient server-side input sanitization in the Request class. The application relies primarily on client-side filtering to sanitize HTML tags and...
Cross-site Scripting (XSS)
Overview @typebot.io/js is a Javascript library to display typebots on your website Affected versions of this package are vulnerable to Cross-site Scripting XSS via the href attribute in anchor tags rendered from user-controlled content. An attacker can execute arbitrary JavaScript in the context...
HCL Aftermarket DPC Cross-Site Scripting Vulnerability
HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...
📄 WP Flash Player 1.3 Cross Site Scripting
Multiple cross site scripting vulnerabilities exist in WP Flash Player WordPress Plugin version 1.3. This issue is older research added to the archive. WP Flash Player 1.3 - Multiple Cross-site Scripting Advisory ID: RO-15-011 Severity: High Vendor: WordPress Product: WP Flash Player Version: 1.3...
PT-2025-47299
Name of the Vulnerable Software and Affected Versions WinPlus version 24.11.27 Description A stored Cross-site Scripting XSS issue exists in WinPlus version 24.11.27 due to insufficient validation of user-supplied data. This allows a remote attacker to send a malicious query to an authenticated...
CVE-2025-61319
ReNgine thru 2.2.0 is vulnerable to a Stored Cross-Site Scripting XSS vulnerability in the Vulnerabilities module. When scanning a target with an XSS payload, the unsanitized payload is rendered in the ReNgine web UI, resulting in arbitrary JavaScript execution in the victim's browser. This can b...
EUVD-2005-4679
Malware in sbrugna...
EUVD-2022-38794
Malicious code in bioql PyPI...
EUVD-2022-4251
Malicious code in bioql PyPI...
CVE-2025-40991 Stored XSS in Creativeitem Ekushey CRM
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/projectfile/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a...
CVE-2025-40989
CVE-2025-40989 describes a stored cross-site scripting vulnerability in Ekushey CRM v5.0 (Creativeitem) caused by insufficient validation of user input in the POST endpoint dealing with the applicant’s message, specifically the API path that includes the message parameter. The affected component ...
PT-2025-33702 · Unknown · Sante Pacs Server
Name of the Vulnerable Software and Affected Versions: Sante PACS Server affected versions not specified Description: Sante PACS Server is susceptible to stored cross-site scripting. An attacker can inject malicious HTML code, potentially redirecting a user to a malicious webpage and stealing the...
CVE-2019-14550
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed when a victim clicks on the Edit Dashboard feature present on the Homepage. An attacker can load malicious JavaScript inside the add tab list feature, which would fire when a user clicks on the Edit Dashboard button, thus...
CVE-2024-10723
A stored cross-site scripting XSS vulnerability was discovered in phpipam/phpipam version 1.5.2. This vulnerability allows an attacker to inject malicious scripts into the destination address field of the NAT tool, which can be executed when a user interacts with the field. The impact of this...
CVE-2024-50637
UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting XSS in the Create User function. This allows attackers to perform XSS via an SVG document, which can be used to steal cookies...
CVE-2023-33860
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the...
Cross-site Scripting (XSS)
Overview sidekiq-unique-jobs is a package containing unique jobs that were removed from sidekiq. Affected versions of this package are vulnerable to Cross-site Scripting XSS via specially crafted GET request parameters handled by any of the following endpoints of the "admin" web UI: /changelogs,...
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/itempopup.php page. An attacker could us...