Snyk · added 2025/02/28 2:43 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: opencart/opencart is a shopping cart system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /product/search endpoint. An attacker can execute arbitrary JavaScript in the victim's browser and potentially access sensitive information or perform actions ...

CVSS 6.1 · AI score 5.6 · EPSS 0.00114 · Exploits 0 · References 2
NVD · added 2025/02/28 2:15 p.m. · 12 views

CVE-2025-1746

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal...

CVSS 6.1 · EPSS 0.00114 · Exploits 0 · References 1
Vulnrichment · added 2025/02/28 1:38 p.m. · 8 views

CVE-2025-1746 Cross-Site Scripting vulnerability in OpenCart

Cross-Site Scripting vulnerability in OpenCart versions prior to 4.1.0. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the search in the /product/search endpoint. This vulnerability could be exploited to steal...

CVSS 6.1 · AI score 6.1 · EPSS 0.00114 · Exploits 0 · References 1
NVD · added 2025/02/28 9:15 a.m. · 2 views

CVE-2025-22491

User input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all interacting users. This security issue has been patched in the latest version 1.5.100 of...

CVSS 6.7 · EPSS 0.00015 · Exploits 0 · References 1
Vulnrichment · added 2025/02/28 8:24 a.m. · 7 views

CVE-2025-22491 Improper Input Validation in Foreseer Reporting Software (FRS)

User input was not sanitized on the Reporting Hierarchy Management page of the Foreseer Reporting Software (FRS) application, which could lead to execution of arbitrary JavaScript in a browser context for all interacting users. This security issue has been patched in the latest version 1.5.100 of...

CVSS 6.7 · AI score 6.6 · EPSS 0.00015 · Exploits 0 · References 1
CVE · added 2025/02/28 8:24 a.m. · 57 views

CVE-2025-22491

CVE-2025-22491 affects Foreseer Reporting Software (FRS): a vulnerability in the Reporting Hierarchy Management page where unsanitized user input allows arbitrary JavaScript execution in a browser context for all interacting users. Root cause: unsanitised input processing on that page. Impact: ...

CVSS 6.7 · AI score 6.6 · EPSS 0.00015 · Exploits 0 · References 1
CNNVD · added 2025/02/28 12:00 a.m. · 2 views

Eaton Foreseer Reporting Software security vulnerability

Eaton Foreseer Reporting Software is a report generation tool for electrical power monitoring systems (EPMS) from Eaton Corporation that collects power data in real time and generates analytical reports to help companies optimize energy management and equipment performance. A security vulnerability...

CVSS 6.7 · AI score 6.8 · EPSS 0.00015 · Exploits 0 · References 2
Positive Technologies · added 2025/02/28 12:00 a.m. · 4 views

PT-2025-9101 · Opencart · Opencart

Name of the Vulnerable Software and Affected Versions: OpenCart versions prior to 4.1.0. Description: The issue allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL using the search in the "/product/search" endpoint. This could be exploited to steal...

CVSS 6.1 · AI score 6.5 · EPSS 0.00114 · Exploits 0 · References 9
Vulnrichment · added 2025/02/28 12:00 a.m. · 6 views

CVE-2025-25476

A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary JavaScript code by specifying a malicious XSS payload as a notification type or notification component...

AI score 5.3 · EPSS 0.00107 · Exploits 1 · References 1
CNNVD · added 2025/02/28 12:00 a.m. · 3 views

SysPass cross-site scripting vulnerability

SysPass is a system password manager by RubénD (individual developer). A security vulnerability exists in SysPass 3.2.x. An attacker can exploit the vulnerability to execute arbitrary JavaScript code...

CVSS 5.4 · AI score 7.4 · EPSS 0.00107 · Exploits 1 · References 3
CVE · added 2025/02/27 12:00 a.m. · 64 views

CVE-2025-25477

The CVE-2025-25477 entry concerns SysPass 3.2.x, where a host header injection flaw allows loading malicious JavaScript from an arbitrary domain that would execute in a victim's browser. The root cause is host header injection in SysPass; impact is demonstrated as high confidentiality and integri...

CVSS 8.1 · AI score 6.9 · EPSS 0.00122 · Exploits 1 · References 1 · Affected Software 1
Vulnrichment · added 2025/02/27 12:00 a.m. · 6 views

CVE-2025-25477

A host header injection vulnerability in SysPass 3.2.x allows an attacker to load malicious JS files from an arbitrary domain, which would be executed in the victim's browser...

AI score 8.1 · EPSS 0.00122 · Exploits 1 · References 1
OSV · added 2025/02/26 8:06 p.m. · 6 views

GHSA-M2JW-CJ8V-937R copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary: A DOM-based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details: By handing someone a maliciously named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary JavaScript with the...

CVSS 3.6 · AI score 4.5 · EPSS 0.00297 · Exploits 1 · References 5
Github Security Blog · added 2025/02/26 8:06 p.m. · 13 views

copyparty renders unsanitized filenames as HTML when user uploads empty files

Summary: A DOM-based XSS was discovered in copyparty, a portable fileserver. The vulnerability is considered low-risk. Details: By handing someone a maliciously named file, and then tricking them into dragging the file into copyparty's Web-UI, an attacker could execute arbitrary JavaScript with the...

CVSS 6.1 · AI score 4.5 · EPSS 0.00297 · Exploits 1 · References 5 · Affected Software 1
NVD · added 2025/02/26 4:15 p.m. · 9 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload in the file name and upload file function when creating a new ticket...

CVSS 4.8 · EPSS 0.00072 · Exploits 0 · References 1
OSV · added 2025/02/26 4:15 p.m. · 8 views

CVE-2024-46226

A stored cross-site scripting (XSS) vulnerability in HelpDeskZ v2.0.2 allows remote attackers to execute arbitrary JavaScript in the administration panel by including a malicious payload in the file name and upload file function when creating a new ticket...

CVSS 4.8 · AI score 6.1 · Exploits 0 · References 1
RedhatCVE · added 2025/02/26 12:26 a.m. · 8 views

CVE-2024-57026

TawkTo Widget Version = 1.3.7 is vulnerable to Cross-Site Scripting (XSS) due to processing user input in a way that allows JavaScript execution...

CVSS 6.1 · AI score 5.8 · EPSS 0.00137 · Exploits 1 · References 1
CNNVD · added 2025/02/26 12:00 a.m. · 3 views

HelpDeskZ cross-site scripting vulnerability

HelpDeskZ is free PHP-based software from HelpDeskZ Open Source that provides a web-based support ticket system for managing site support. A cross-site scripting vulnerability exists in versions prior to HelpDeskZ v2.0.2. A remote attacker can exploit this vulnerability to execute arbitrary...

CVSS 4.8 · AI score 6.5 · EPSS 0.00072 · Exploits 0 · References 3
CVE · added 2025/02/26 12:00 a.m. · 63 views

CVE-2024-46226

CVE-2024-46226 describes a stored XSS in HelpDeskZ

CVSS 4.8 · AI score 5.8 · EPSS 0.00072 · Exploits 0 · References 1 · Affected Software 1
Veracode · added 2025/02/25 6:08 a.m. · 5 views

Cross-Site Scripting (XSS)

@ckeditor/ckeditor5-real-time-collaboration is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of user markers in the real-time collaboration package, which can allow unauthorized JavaScript execution in certain editor and token endpoint configurations...

CVSS 2.3 · AI score 6.2 · EPSS 0.00348 · Exploits 0 · References 4 · Affected Software 2