CVE-2019-19908

phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmcusername parameter to passreset.php is vulnerable...

CVE-2019-10336

A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...

CVE-2019-10346

A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers inject arbitrary HTML and JavaScript into the response of this plugin...

CVE-2019-18267

An issue was found in GE S2020/S2020G Fast Switch 61850, S2020/S2020G Fast Switch 61850 Versions 07A03 and prior. An attacker can inject arbitrary Javascript in a specially crafted HTTP request that may be reflected back in the HTTP response. The device is also vulnerable to a stored cross-site...

CVE-2019-18210

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

CVE-2019-14350

EspoCRM 5.6.4 is vulnerable to stored XSS due to lack of filtration of user-supplied data in the Knowledge base. A malicious attacker can inject JavaScript code in the body parameter during api/v1/KnowledgeBaseArticle knowledge-base record creation...

CVE-2019-14827

A vulnerability was found in Moodle where javaScript injection was possible in some Mustache templates via recursive rendering from contexts. Mustache helper tags that were included in template contexts were not being escaped before that context was injected into another Mustache helper, which...

CVE-2019-10376

A reflected cross-site scripting vulnerability in Jenkins Wall Display Plugin 0.6.34 and earlier allows attackers to inject arbitrary HTML and JavaScript into web pages provided by this plugin...

CVE-2019-10360

A stored cross site scripting vulnerability in Jenkins Maven Release Plugin 0.14.0 and earlier allowed attackers to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins...

CVE-2018-16220

Cross Site Scripting in different input fields domain field and personal settings in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker local or remote to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...

CVE-2014-10394

The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header...

CVE-2017-11560

An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...

CVE-2014-10391

The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection...

PT-2025-22527 · Unknown · Group-Office

Name of the Vulnerable Software and Affected Versions: Group-Office versions prior to 6.8.119 and 25.0.20 Description: A stored and blind XSS issue exists in the Phone Number field of the user profile within the Group-Office application. This allows a malicious actor to inject persistent JavaScri...

CVE-2002-1806

Cross-site scripting XSS vulnerability in Drupal 4.0.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...

CVE-2002-1805

Cross-site scripting XSS vulnerability in DaCode 1.2.0 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag...

CVE-2005-4204

Cross-site scripting XSS vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS...

CVE-2005-1592

Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...

CVE-2025-44108

A stored Cross-Site Scripting XSS vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...

CVE-2025-45754

A stored cross-site scripting XSS vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name...