Lucene search

5775 matches found

NVD
added 2026/05/11 4:17 p.m., 3 views

CVE-2025-61306

A reflected cross-site scripting (XSS) vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

CVSS 6.1, EPSS 0.00031
Exploits: 0, References: 3
Cvelist
added 2026/05/11 2:27 p.m., 25 views

CVE-2026-3320 Multiple vulnerabilities in Cradle e-commerce

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

CVSS 5.1, EPSS 0.00062
Exploits: 0, References: 1
CVE
added 2026/05/11 2:27 p.m., 7 views

CVE-2026-3320

CVE-2026-3320 affects the Cradle eCommerce platform (latest demo version). The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw where user-controlled input is insecurely reflected in the HTML output of the /product/ endpoint. The issue allows an attacker to execute arbitrary JavaScrip...

CVSS 5.1, AI score 6, EPSS 0.00062
Exploits: 0, References: 1
Vulnrichment
added 2026/05/11 2:26 p.m., 2 views

CVE-2026-3319 Multiple vulnerabilities in Cradle e-commerce

Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploitation of this vulnerability would allow an attacker to execute arbitrary JavaScript code...

CVSS 5.1, AI score 6, EPSS 0.00062
Exploits: 0, References: 1
EUVD
added 2026/05/11 12:32 p.m., 4 views

EUVD-2026-29049

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVSS 5.1, AI score 6, EPSS 0.00101
Exploits: 0, References: 3
NVD
added 2026/05/11 10:16 a.m., 5 views

CVE-2026-6956

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVSS 5.1, EPSS 0.00101
Exploits: 0, References: 2
Vulnrichment
added 2026/05/11 9:40 a.m., 4 views

CVE-2026-6956 Reflected XSS in ATutor

ATutor is vulnerable to Reflected XSS in /install/install.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is no longer actively supported. Maintainers of this project were notified early...

CVSS 5.1, AI score 6, EPSS 0.00101
Exploits: 0, References: 2
Vulnrichment
added 2026/05/11 9:32 a.m., 5 views

CVE-2026-41951

Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the server when an email server is running in GROWI...

CVSS 8.6, AI score 7.3, EPSS 0.00061
Exploits: 0, References: 2
CNNVD
added 2026/05/11 12:0 a.m., 3 views

DeepChat cross-site scripting vulnerability

DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the discrepancy between the backend validation layer and the front-end browser rendering engin...

CVSS 9.3, AI score 5.9, EPSS 0.00044
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:0 a.m., 4 views

PT-2026-39723

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

CVSS 5.1, AI score 6, EPSS 0.00052
Exploits: 0, References: 3
Positive Technologies
added 2026/05/11 12:0 a.m., 11 views

PT-2026-39880

Name of the Vulnerable Software and Affected Versions: Mantis Bug Tracker (MantisBT) versions prior to 2.28.2. Description: Flawed logic in the Update Issue page 'bug update page.php' causes improper escaping of textarea custom field contents. This allows an authenticated user with low-privilege bug...

CVSS 5.4, AI score 6.2, EPSS 0.00033
Exploits: 0, References: 6
Positive Technologies
added 2026/05/11 12:0 a.m., 4 views

PT-2026-39590

Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.4. Description: A Reflected Cross-Site Scripting (XSS) issue exists in the '/install/upgrade.php' endpoint. This allows an attacker to execute arbitrary JavaScript in a victim's browser by providing a specially crafted URL...

CVSS 5.1, AI score 6, EPSS 0.00101
Exploits: 0, References: 7
CNNVD
added 2026/05/11 12:0 a.m., 2 views

docuForm FSM Server cross-site scripting vulnerability

The docuForm FSM Server is a server-side system developed by the German company docuForm, designed for enterprise document processing and form workflow management. The version 11.11c of the docuForm FSM Server contains a cross-site scripting vulnerability. This vulnerability originates from the...

CVSS 6.1, AI score 5.9, EPSS 0.00031
Exploits: 0, References: 1
CNNVD
added 2026/05/11 12:0 a.m., 2 views

Cradle eCommerce cross-site scripting vulnerability

Cradle eCommerce is an e-commerce platform developed by Cradle Corporation, which integrates content management and online shopping features. Cradle eCommerce has a cross-site scripting vulnerability. This vulnerability arises from insecurely reflecting user-controlled inputs in HTML output,...

CVSS 5.1, AI score 5.9, EPSS 0.00062
Exploits: 0, References: 1
CVE
added 2026/05/11 12:0 a.m., 4 views

CVE-2025-61305

CVE-2025-61305 describes a reflected XSS in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The root cause is that an unfiltered variable value can be crafted by an attacker to inject arbitrary Javascript and execute it in a victim’s browser. This vul...

CVSS 6.1, AI score 6, EPSS 0.00031
Exploits: 0, References: 3
RedhatCVE
added 2026/05/10 8:20 p.m., 5 views

CVE-2026-3007

Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature...

CVSS 5.4, AI score 5.9, EPSS 0.00011
Exploits: 0, References: 1
NVD
added 2026/05/10 1:16 p.m., 6 views

CVE-2022-50957

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

CVSS 6.1, EPSS 0.00089
Exploits: 0, References: 3
Positive Technologies
added 2026/05/10 12:0 a.m., 5 views

PT-2026-39472

Name of the Vulnerable Software and Affected Versions: Moodle LMS version 4.0. Description: An issue allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Specifically, JavaScript code can be injected via the search field in the...

CVSS 6.1, AI score 6, EPSS 0.00116
Exploits: 1, References: 11
Positive Technologies
added 2026/05/10 12:0 a.m., 5 views

PT-2026-39507

Exponent CMS 2.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Title and Text Block parameters in the text editing endpoint. Attackers can inject iframe payloads with embedded SVG onload events to execute arbitrary...

CVSS 6.4, AI score 5.9, EPSS 0.00054
Exploits: 0, References: 4
Snyk
added 2026/05/08 10:23 p.m., 5 views

Cross-site Scripting (XSS)

Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the notes field of the component checkout process. An attacker can execute arbitrary JavaScript code in the context of another user by submitting...

CVSS 5.4, AI score 5.8, EPSS 0.00013
Exploits: 0, References: 2