27 matches found

Cvelist
added 2026/04/09 3:38 p.m. | 19 views

CVE-2026-39941 ChurchCRM has an XSS vulnerability

ChurchCRM is an open-source church management system. Prior to 7.1.0, an XSS vulnerability allows attacker-supplied input sent via the EName and EDesc parameters in EditEventAttendees.php to be rendered in a page without proper output encoding, enabling arbitrary JavaScript execution in victims...

CVSS 5.3 | EPSS 0.00051
Exploits: 1 | References: 3

NVD
added 2026/03/24 4:17 a.m. | 1 view

CVE-2026-4626

A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyerbooking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...

CVSS 5.4 | EPSS 0.00038
Exploits: 1 | References: 4

Vulnrichment
added 2026/03/21 12:46 p.m. | 2 views

CVE-2019-25555 TwistedBrush Pro Studio 24.06 Script Recorder Denial of Service

TwistedBrush Pro Studio 24.06 contains a denial of service vulnerability in the Script Recorder component that allows local attackers to crash the application by supplying an excessively large buffer. Attackers can paste a malicious string containing 500,000 characters into the Description field ...

CVSS 6.9 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 3

EUVD
added 2026/03/20 6:31 p.m. | 3 views

EUVD-2026-13730

DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc...

AI score 5.8 | EPSS 0.00039
Exploits: 0 | References: 3

Cvelist
added 2026/03/20 12:0 a.m. | 21 views

CVE-2026-29828

DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc...

EPSS 0.00039
Exploits: 0 | References: 2

EUVD
added 2026/02/15 1:58 p.m. | 2 views

EUVD-2019-19425

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfacesvlanedit.php with script payloads in the tag, descr, or vlanif parameters ...

CVSS 6.1 | AI score 5.6 | EPSS 0.00048
Exploits: 1 | References: 4

OSV
added 2026/01/19 1:16 p.m. | 0 views

CVE-2026-1154

A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting. The attack can be...

CVSS 5.4 | AI score 4.3 | EPSS 0.00052
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/13 10:52 p.m. | 2 views

CVE-2025-40975

Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’ parameter...

CVSS 5.1 | AI score 5.4 | EPSS 0.0009
Exploits: 0 | References: 1

CNNVD
added 2026/01/12 12:0 a.m. | 1 view

WorkDo HRM SaaS HR and Payroll Tool cross-site scripting vulnerability

WorkDo HRM SaaS HR and Payroll Tool is a human resource management software from WorkDo, Inc. WorkDo HRM SaaS HR and Payroll Tool suffers from a cross-site scripting vulnerability that stems from insufficient validation of user input for the description parameter when sending a POST request to...

CVSS 5.1 | AI score 5.9 | EPSS 0.0009
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/12 12:0 a.m. | 2 views

PT-2026-1800

Name of the Vulnerable Software and Affected Versions: WorkDo eCommerceGo (affected versions not specified). Description: A stored Cross-Site Scripting (XSS) issue exists due to insufficient validation of user-supplied data. The issue is triggered by sending a POST request to the /store-ticket API...

CVSS 5.1 | AI score 5.9 | EPSS 0.0009
Exploits: 0 | References: 6

Snyk
added 2026/01/05 2:38 a.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the variableSave function of the /admin/system/variableList.do endpoint when handling the Description argument. An attacker can inject and execute arbitrary scripts in the context of a user's browser by...

CVSS 4.8 | AI score 5.5 | EPSS 0.00024
Exploits: 1 | References: 2

Positive Technologies
added 2025/11/29 12:0 a.m. | 1 view

PT-2025-48370

Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious...

AI score 6.1 | EPSS 0.00033
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/22 12:11 a.m. | 2 views

CVE-2025-60934

Multiple stored cross-site scripting (XSS) vulnerabilities in the index.php component of HR Performance Solutions Performance Pro v3.19.17 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee Notes, title, or description parameters. The patched...

CVSS 6.1 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 1

EUVD
added 2025/10/05 6:30 a.m. | 1 view

EUVD-2025-32448

A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be...

CVSS 4.8 | AI score 5.3 | EPSS 0.00076
Exploits: 1 | References: 6

CNNVD
added 2025/10/01 12:0 a.m. | 0 views

Radware AlteonOS Web UI Management security vulnerability

Radware AlteonOS Web UI Management is a web management page from Radware Israel. A security vulnerability exists in Radware AlteonOS Web UI Management version 33.0.4.50, which stems from insufficient validation of the Description parameter input and could lead to a cross-site scripting attack...

CVSS 6.1 | AI score 6 | EPSS 0.00025
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/18 12:0 a.m. | 3 views

PT-2025-38292

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Petshop Management System version 1.0. Description: A cross-site scripting issue exists in the Available Products Page component of the software, specifically within the addcnp.php file. Manipulation of the name/description...

CVSS 5.4 | AI score 4.4 | EPSS 0.00032
Exploits: 1 | References: 10

OSV
added 2025/09/15 6:15 p.m. | 0 views

CVE-2025-52344

Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allow attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/15 12:0 a.m. | 1 view

CVE-2025-52344

Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allow attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields...

AI score 6 | EPSS 0.00093
Exploits: 1 | References: 2

CVE
added 2025/09/15 12:0 a.m. | 10 views

CVE-2025-52344

The CVE-2025-52344 entry concerns Explorance Blue 8.1.2, where multiple XSS vulnerabilities exist in input fields (Group name and Project Description). The root cause is insufficient input filtering in these fields, allowing arbitrary JavaScript to execute in a user’s browser. Impact is described...

CVSS 6.1 | AI score 6 | EPSS 0.00093
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/09/10 5:15 p.m. | 3 views

CVE-2025-57520

A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...

CVSS 6.1 | AI score 6 | EPSS 0.00018
Exploits: 2 | References: 3