CVE-2020-10041
A vulnerability has been identified in SICAM MMU All versions V2.05, SICAM SGU All versions, SICAM T All versions V2.18. A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a session of a legitimate user...
CVE-2024-2718
A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack ma...
EUVD-2024-44275
Malicious code in bioql PyPI...
EUVD-2023-23564
Malicious code in bioql PyPI...
CVE-2024-5137
A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of the component Searchbar. The manipulation leads to cross site scripting. The attack can be launched...
CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /ilang=DE=csmartenergyswgroups in the web...
CVE-2025-20247
Cisco Webex is affected by CVE-2025-20247, a cross-site scripting (XSS) vulnerability caused by improper filtering of user input. An unauthenticated, remote attacker can lure a user to a malicious link, potentially executing script in the victim’s context. The issue impacts Cisco Webex’s handling...
CVE-2025-4256
A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /adminpaylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and...
CVE-2025-2974
A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely...
CVE-2024-12982
A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-09602)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PHPJabbers Vacation Rental Script 4.0 - CSRF
Exploit Title: PHPJabbers Vacation Rental Script 4.0 - CSRF Date: 05/08/2023 Exploit Author: Hasan Ali YILDIR Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/vacation-rental-script/ Version: 4.0 Tested on: Windows 10 Pro Description The attacker can send to...
Duplicate Page and Post Plugin < 2.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in the "Duplicate Post Suffix" or "Duplicate Link Text" settings: "alert/XSS/...
Ecommerce - Two Factor Authentication < 1.0.5 - Reflected Cross-Site Scripting
The plugin does not escape the user parameter before outputting it back in an attribute in the dashboard page to confirm the 2FA reset, leading to a Reflected Cross-Site Scripting issue v alert/XSS/ v 1.0.5: https://example.com/wp-admin/users.php?page=reset&action=resetedit&user="...
Avada < 7.4.2 - Reflected Cross-Site Scripting
Description The theme does not properly escape bbPress searches before outputting them back as breadcrumbs, leading to a Reflected Cross-Site Scripting issue. https://theme-fusion.com/forums/search/z--FAIL/...
underConstruction < 1.19 - Reflected Cross-Site Scripting
The plugin does not escape the PHP_SELF before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue. https://example.com/wp-admin/admin.php/"alert/XSS//?page=under-construction...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting input type="hidden" name="password2" value="newpass123" /...
WolfSight CMS 3.2 SQL Injection
Exploit Title: WolfSight CMS 3.2 - SQL Injection Google Dork: N/A Date: 2018-07-10 Exploit Author: Berk Dusunur & Zehra Karabiber Vendor Homepage: http://www.wolfsight.com Software Link: http://www.wolfsight.com Version: v3.2 Tested on: Parrot OS / WinApp Server CVE : N/A PoC Sql Injection...
Ultimate Member 1.2.98-1.2.994 - Reflected Cross-Site Scripting (XSS)
The Ultimate Member plugin utilizes the Redux Framework. The Redux Framework includes a script named ‘class.p.php’, which acts as an HTTP proxy. Utilizing this script, it is possible to trigger a Reflected XSS attack, by loading data from a location controlled by the attacker. The data from this...
MKPortal Anekdot Cross Site Scripting
MKPortal Anekdot module XSS Vulnerability...