CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

CVE-2023-20205

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager EPNM could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface on an affected device...

CVE-2025-20203

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. The...

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

PT-2025-1022 · Cisco · Cisco Common Services Platform Collector

Name of the Vulnerable Software and Affected Versions: Cisco Common Services Platform Collector CSPC affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...

CVE-2023-35978

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context...

CVE-2022-20673 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector CSPC Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. These vulnerabilities are due to insufficient...

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-11805)

Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. A cross-site...

common solutions csphonebook 1.02 'index.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30485/info The 'csphonebook' program from common solutions is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...

webMathematica 3 'MSP' Script Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37451/info webMathematica is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...

agXchange ESM 'ucquerydetails.jsp' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38896/info agXchange ESM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

project-open 3.4.x - 'account-closed.tcl' Cross-Site Scripting

source: https://www.securityfocus.com/bid/51842/info project-open is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...

Cybozu Products Images Cross-Site Scripting Vulnerability

This host is running Cybozu Office or Cybozu Garoon and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodcybozuproductsxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Cybozu Products Images Cross-Site Scripting Vulnerability Authors: Sooraj KS Copyright:...

MyBloggie 2.1.6 - HTML Injection SQL Injection

MyBloggie 2.1.6 - HTML Injection SQL Injection source: https://www.securityfocus.com/bid/48317/info myBloggie is prone to a SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to...

PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/47887/info PHP Calendar Basic is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user...

poMMo Aardvark PR16.1 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/47786/info poMMo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

todoyu 'lang' Parameter Cross Site Scripting Vulnerability

todoyu is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to ste...

OpenWrt 10.03 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/44843/info OpenWrt is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Pixie 1.0.4 - HTML Injection Cross-Site Scripting

Pixie 1.0.4 - HTML Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/41727/info Pixie is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the issues to execu...