365 matches found

RedhatCVE
added 2025/05/22 10:43 p.m. · 3 views

CVE-2022-28867

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for...

CVSS 5.4 · AI score 6.6 · EPSS 0.00136
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:41 p.m. · 3 views

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter forums when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client browser...

CVSS 5.4 · AI score 6.4 · EPSS 0.00154
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:40 p.m. · 6 views

CVE-2021-30862

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 6.1 · AI score 6.6 · EPSS 0.0222
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:11 p.m. · 5 views

CVE-2021-21803

This vulnerability is present in devicegraphpage.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution...

CVSS 9.6 · AI score 6.9 · EPSS 0.70885
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:4 p.m. · 5 views

CVE-2021-1748

A validation issue was addressed with improved input sanitization. This issue is fixed in tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 8.8 · AI score 6.4 · EPSS 0.00454
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:55 p.m. · 6 views

CVE-2021-44916

Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser...

CVSS 6.1 · AI score 6 · EPSS 0.04458
Exploits: 4

RedhatCVE
added 2025/05/22 5:41 p.m. · 6 views

CVE-2020-5142

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen ...

CVSS 6.1 · AI score 5.8 · EPSS 0.00153
Exploits: 0

RedhatCVE
added 2025/05/22 5:0 p.m. · 5 views

CVE-2020-15034

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter...

CVSS 5.4 · AI score 6.1 · EPSS 0.00343
Exploits: 0

RedhatCVE
added 2025/05/22 4:56 p.m. · 3 views

CVE-2020-9860

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 5.8 · AI score 6.5 · EPSS 0.00401
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 4:22 p.m. · 4 views

CVE-2020-15029

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter...

CVSS 5.4 · AI score 6.1 · EPSS 0.00343
Exploits: 0

RedhatCVE
added 2025/05/22 3:36 p.m. · 4 views

CVE-2020-3884

An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary javascript code execution...

CVSS 6.1 · AI score 6.9 · EPSS 0.00502
Exploits: 0

RedhatCVE
added 2025/05/22 3:21 p.m. · 6 views

CVE-2020-24670

The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter...

CVSS 5.4 · AI score 6.9 · EPSS 0.00203
Exploits: 0

RedhatCVE
added 2025/05/22 1:34 p.m. · 3 views

CVE-2014-0883

IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 9116...

CVSS 6.1 · AI score 6.1 · EPSS 0.00181
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 9:15 a.m. · 7 views

CVE-2019-1010008

OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross Site Scripting (XSS). The impact is: Theoretically low, but might potentially enable persistent XSS (user could embed mal. code). The component is: Javascript code execution in "Name", "Location", "Bio" and "Starting Page" fields in the "M...

CVSS 5.4 · AI score 6.2 · EPSS 0.00344
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:55 a.m. · 11 views

CVE-2019-8792

An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVSS 8.8 · AI score 6.7 · EPSS 0.00471
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:16 a.m. · 3 views

CVE-2018-1000668

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsiObjArrayLookup jsiObj.c:274 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to ha...

CVSS 6.5 · AI score 7.1 · EPSS 0.00372
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 5:11 a.m. · 3 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVSS 6.1 · AI score 7 · EPSS 0.00396
Exploits: 0 · References: 1

CVE
added 2025/05/19 4:1 p.m. · 24 views

CVE-2025-26621

OpenCTI vulnerability CVE-2025-26621: Prior to version 6.5.2, users with the capability to manage customizations can edit a webhook that executes JavaScript code. This can be abused to trigger a denial-of-service via prototype pollution, rendering the Node.js server running the OpenCTI frontend u...

CVSS 7.6 · AI score 7.5 · EPSS 0.00727
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2025/05/16 12:0 a.m. · 3 views

PT-2025-21634 · Icewarp · Icewarp Mail Server

Name of the Vulnerable Software and Affected Versions: Icewarp Mail Server version 11.4.0 Description: The issue allows for HTTP host header injection, enabling the execution of arbitrary JavaScript code on page load when a user interacts with a malicious link. This is achieved by modifying the Ho...

CVSS 2 · AI score 6.8 · EPSS 0.00195
Exploits: 0 · References: 5

Positive Technologies
added 2025/05/12 12:0 a.m. · 2 views

PT-2025-20695 · Unknown · Abantecart

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.0 Description: A Reflected Cross-Site Scripting (XSS) issue allows an attacker to execute JavaScript code in a victim's browser by sending a malicious URL. This can be exploited to steal sensitive user data, such as sessi...

CVSS 5.1 · AI score 5.7 · EPSS 0.00167
Exploits: 0 · References: 7