19 matches found
CVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which executes in the browser of any user viewing th...
CVE-2025-43818
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 36 allows remote attackers to inject arbitrary we...
CVE-2025-48308
CVE-2025-48308 discusses a CSRF vulnerability in the Newsletter subscription optin module (versions up to 1.2.9) that can lead to Stored XSS. Affected software: Newsletter subscription optin module. Root cause: CSRF enabling stored XSS. Impact per sources: potential for stored XSS with low to mod...
CVE-2025-42962
SAP Business Warehouse Business Explorer Web allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim's browser. This potentially leads to an impact on confidentiality and integrity. Availability is n...
SUSE CVE-2011-2626
Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element...
SUSE CVE-2018-5175
A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...
UBUNTU-CVE-2022-46873
Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The package is used for rendering UI components inside the input or text fields, and an attacker can pass a malicious placeholder value to it to fire the XSS payload. Details: Cross-site scripting or XSS is a co...
CVE-2022-22812
A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk V2.6.2...
HPE KVM IP Console Switches Cross-Site Scripting Vulnerability
HPE KVM IP Console Switches is an HP switch device. A cross-site scripting vulnerability exists in HPE KVM IP Console Switches, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to sensitive information or hijack...
CVE-2019-17116
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server through 4.2.0-b2047 allows remote attackers to inject arbitrary web script or HTML via /WiKIDAdmin/groups.jsp. The groupName parameter is vulnerable: the reflected cross-site scripting occurs immediately...
WF Cookie Consent <= 1.1.3 - Authenticated Persistent Cross-Site Scripting (XSS)
The WF Cookie Consent WordPress plugin was affected by an Authenticated Persistent Cross-Site Scripting (XSS) security vulnerability. 1. Access WordPress control panel. 2. Navigate to the 'Pages'. 3. Add a new page and insert the script you wish to inject into the page title. 4. Now navigate to...
Unfixed XSS vulnerability at www.nordkeyboards.com
Security researcher wutsec submitted on 04/02/2012 a cross-site scripting (XSS) vulnerability affecting www.nordkeyboards.com, which at the time of submission ranked 306769 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/02/2012. It is...
CVE-2011-2626
CVE-2011-2626 affects Opera browsers prior to 11.50, where an injected script could set the SRC attribute of an IFRAME, causing an application crash (DoS). Multiple vendor advisories reiterate the issue and reference Opera’s fixed release paths. Affected: Opera before 11.50; Impact: denial of ser...
CVE-2010-0963
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information...
CVE-2009-4196
Multiple cross-site scripting (XSS) vulnerabilities in multiple scripts in Forms/ in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 allow remote attackers to inject arbitrary web script or HTML via the (1) BackButton parameter to error1; (2) wzConnFlag parameter to freshpppoe1; (3)...
Mozilla Firefox Chrome Page Loading Restriction Bypass (CVE-2005-2706)
The Firefox and Mozilla web browsers are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages, downloading files, and so on. The web browser implements security restrictions on the execution of scripts and access to certain resources based on the orig...
Unfixed XSS vulnerability at www.journaux.fr
Security researcher xylitol submitted on 17/06/2008 a cross-site scripting (XSS) vulnerability affecting www.journaux.fr, which at the time of submission ranked 108659 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/06/2009. It is current...
Shbablek Mail Vulnerability - Cross-Site Scripting
Shbablek Mail Vulnerability - Cross-Site Scripting by n0m3rcy Copyright (c) 2006 n0m3rcy [email protected] Exploit: i in the Already have an account? ia Account name: scriptalert1/script ib Password: scriptalert1/script Shoutz: cijfer , dag , devil-00 , q-ex and all my friends have phun!...