CVE-2020-37044

CVE-2020-37044 affects OpenCTI 3.3.1, with a reflected XSS flaw in the /graphql endpoint. The vulnerability allows an attacker to inject arbitrary JavaScript by sending a crafted GET request with a malicious payload in the query string, resulting in script execution in the victim’s browser (examp...

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embedded JavaScript in the MarkdownBodyPart.Source parameter to execute arbitrary scripts in victim...

CVE-2020-36996

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script...

CVE-2020-37019

Orchard Core RC1 contains a persistent cross-site scripting (XSS) vulnerability that lets an attacker inject malicious JavaScript via blog posts. The flaw is triggered when embedded JavaScript is placed in the MarkdownBodyPart.Source parameter during blog-post creation, allowing code execution in...

CVE-2020-36996 PHPFusion 9.03.50 - Persistent Cross-Site Scripting

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script...

PT-2026-5412

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script...

CVE-2020-36932

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded...

CVE-2020-36932

CVE-2020-36932 affects SeaCMS 11.1. The vulnerability is a stored cross-site scripting (XSS) in the checkuser parameter of the admin settings page. The underlying issue allows an attacker to inject JavaScript payloads that execute in users’ browsers when the page loads. Affected component: admin ...

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CVE-2026-24474

Summary: CVE-2026-24474 affects the Dioxus Components library (shadcn-style components for the Dioxus app framework). Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, the function/use_animated_open formats a string for eval using a user-supplied id, enabling a potential JavaScript inject...

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CVE-2026-24474 Dioxus Components has JavaScript injection via user-supplied IDs

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, useanimatedopen formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue...

CVE-2025-27379 Stored Cross-Site Scripting in AES BOM Viewer

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

CVE-2025-27379

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

CVE-2025-27379

CVE-2025-27379 affects the BOM Viewer in Altium AES 7.0.3. A stored XSS vulnerability allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. The issue is tied to the Description...

PT-2026-7943

Name of the Vulnerable Software and Affected Versions Solspace Freeform plugin for Craft CMS versions 5.0 through 5.14.6 Description A low-privilege authenticated user with form creation/editing permissions can inject arbitrary HTML and JavaScript code into the Craft Control Panel builder and...

PT-2026-3895

A stored cross-site scripting XSS vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content...

EUVD-2026-3618

OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command...

CVE-2025-57681

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...

EUVD-2026-3658

The WorklogPRO - Timesheets for Jira plugin in Jira Data Center before version 4.23.6-jira10 and before version 4.23.5-jira9 allows users and attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting XSS vulnerability. The vulnerability is exploited via a specially crafted paylo...