CVE-2024-43413

Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...

CVE-2024-43111

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS 129...

CVE-2024-40618

Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension...

CVE-2025-4379

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

CVE-2025-4379

DobryCMS prior to 3.x (versions 2.* and lower) is affected by a Reflected XSS in the szukaj parameter. The root cause is improper input validation, allowing arbitrary JavaScript to execute in a victim’s browser when a specially crafted URL is opened. A hotfix addressing affected versions was rele...

CVE-2025-4379 Reflected XSS in DobryCMS

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

CVE-2024-27926

RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, ahen the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of...

CVE-2024-28237

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...

CVE-2024-28112

Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting XSS attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...

CVE-2024-26472

KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting XSS vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of...

CVE-2024-34081

MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser...

CVE-2024-23348

Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote...

CVE-2024-22048

govuktechdocs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...

CVE-2024-0758

MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles...

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

CVE-2024-26466

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

CVE-2024-35234

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...

CVE-2024-5521

Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user having the roles of gallery editor or VFS resource manager will have the permission to upload images in the .svg format containing JavaScript code. The code will be...

CVE-2024-29831

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. If you are using the switch task plugin, please upgrade to version 3.2.2...