5087 matches found
CVE-2025-46041
A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...
CVE-2025-46041
A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...
CVE-2025-46041
A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...
CVE-2025-46041
A stored cross-site scripting XSS vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface /admin/pages/add...
CVE-2025-46041
Anchor CMS v0.12.7 is affected by CVE-2025-46041: a stored XSS in the page creation interface, exploitable via the description field on /admin/pages/add. An authenticated user (admin/editor) can inject arbitrary JavaScript which is stored and executed when the page is viewed. Affected component/l...
CVE-2025-46178
Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...
CVE-2025-46178
Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...
CVE-2025-46178
The CVE-2025-46178 entry pertains to a Cross-Site Scripting (XSS) vulnerability in the CloudClassroom PHP Project, specifically in the askquery.php file via the eid parameter. The flaw allows remote attackers to inject arbitrary JavaScript in the context of a victim browser session, potentially l...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-27444
A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...
CVE-2025-27754
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-27754 Extension - rsjoomla.com - A stored XSS vulnerability RSBlog! component 1.11.6 - 1.14.4 for Joomla
A stored XSS vulnerability in RSBlog! component 1.11.6 - 1.14.4 for Joomla was discovered. The vulnerability allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when other users view the affecte...
CVE-2025-30084
CVE-2025-30084 affects the RSMail! component for Joomla (versions 1.19.20–1.22.26). The stored XSS flaw occurs in the dashboard where user-supplied input is not properly sanitized before storage and rendering, enabling an attacker to inject JavaScript into text fields that executes in the browser...
Cross-site Scripting (XSS)
github.com/forceu/gokapi is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper input sanitization in the API key renaming feature, which allowed authenticated users to inject JavaScript that would execute when another user accessed the API tab...
PT-2025-23926 · Joomla · Rsmail!
Name of the Vulnerable Software and Affected Versions: RSMail! component versions 1.19.20 through 1.22.26 for Joomla Description: A stored XSS issue was discovered in the RSMail! component for Joomla, where user-supplied input is not properly sanitized before being stored and rendered within the...
PT-2025-23925 · Rsblog! · Rsblog!
Name of the Vulnerable Software and Affected Versions: RSBlog! component versions 1.11.6 through 1.14.4 Description: A stored XSS issue allows authenticated users to inject malicious JavaScript into the plugin's resource. The injected payload is stored by the application and later executed when...
CVE-2025-27444
A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...
CVE-2025-27444 Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla
A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...
CVE-2025-27444 Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla
A reflected XSS vulnerability in RSform!Pro component 3.0.0 - 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filterdateFrom GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin o...
CVE-2024-8008
CVE-2024-8008 is a reflected Cross-Site Scripting (XSS) vulnerability in multiple WSO2 products caused by insufficient output encoding in error messages from the JDBC user store connection validation request. An attacker can craft a request payload that triggers JavaScript execution in the victim...