
890 matches found

RedhatCVE
added 2025/05/22 4:16 p.m. · 6 views

CVE-2020-13267

A Stored Cross-Site Scripting vulnerability allowed the execution of JavaScript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1...

CVSS 6.1 · AI score 6 · EPSS 0.0175
Exploits 0

RedhatCVE
added 2025/05/22 4:13 p.m. · 6 views

CVE-2020-22428

SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name entered by an admin containing a JavaScript payload...

CVSS 4.8 · AI score 6 · EPSS 0.01176
Exploits 0

RedhatCVE
added 2025/05/22 3:24 p.m. · 5 views

CVE-2020-26885

An issue was discovered in 2sic 2sxc before 11.22. An XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser...

CVSS 6.1 · AI score 5.9 · EPSS 0.0111
Exploits 1

RedhatCVE
added 2025/05/22 10:35 a.m. · 5 views

CVE-2019-16683

An issue was discovered in the image-manager in Xoops 2.5.10. When the breadcrumb showing the category name is hovered over while editing any image, a JavaScript payload executes...

CVSS 4.8 · AI score 6.8 · EPSS 0.01024
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 8:6 a.m. · 6 views

CVE-2019-12801

out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name...

CVSS 6.1 · AI score 5.8 · EPSS 0.01918
Exploits 4 · References 1

RedhatCVE
added 2025/05/22 6:41 a.m. · 7 views

CVE-2019-9093

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in file/file/upload in Humhub 1.3.10 Community Edition. The user-supplied input containing a JavaScript payload in the filename parameter is echoed back, which resulted in reflected XSS...

CVSS 6.1 · AI score 6 · EPSS 0.00822
Exploits 0 · References 1

CNNVD
added 2025/05/21 12:0 a.m. · 2 views

SeedDMS Security Vulnerability

SeedDMS is an open source document management system based on PHP and MySQL. The system is mainly used for storing and sharing documents. A security vulnerability exists in SeedDMS version 6.0.32, which originates from stored cross-site scripting and could lead to the injectio...

CVSS 5.4 · AI score 6.3 · EPSS 0.00209
Exploits 1 · References 1

CVE
added 2025/05/21 12:0 a.m. · 40 views

CVE-2025-45754

SeedDMS 6.0.32 is affected by a stored XSS vulnerability: an attacker can inject JavaScript by using an XSS payload as a document name. The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N with a base score of 5.4 (Medium). Exploitation details beyond creating a document name are ...

CVSS 5.4 · AI score 4.9 · EPSS 0.00209
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/21 12:0 a.m. · 3 views

PT-2025-22403

Name of the Vulnerable Software and Affected Versions: SeedDMS version 6.0.32 Description: A stored cross-site scripting (XSS) issue exists, allowing an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload as the document name. Recommendations: For SeedDMS versio...

CVSS 5.4 · AI score 5.2 · EPSS 0.00209
Exploits 1 · References 4

OSV
added 2025/05/19 2:15 p.m. · 8 views

CVE-2025-44108

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...

CVSS 4.8 · AI score 5.5 · EPSS 0.00281
Exploits 1 · References 4

Cvelist
added 2025/05/19 12:0 a.m. · 12 views

CVE-2025-44108

A stored Cross-Site Scripting (XSS) vulnerability exists in the administration panel of Flatpress CMS before 1.4 via the gallery captions component. An attacker with admin privileges can inject a malicious JavaScript payload into the system, which is then stored persistently...

EPSS 0.00281
Exploits 1 · References 4

OSV
added 2025/04/29 2:49 p.m. · 8 views

GHSA-59X8-CVXH-3MM4 YesWiki Stored XSS Vulnerability in Comments

Summary: A stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the...

CVSS 5.3 · AI score 5.2 · EPSS 0.00276
Exploits 1 · References 4

RedhatCVE
added 2025/04/26 4:39 a.m. · 15 views

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows a remote attacker to inject a JavaScript payload via the image title sub-field in the image field...

CVSS 6.5 · AI score 6.5 · EPSS 0.00288
Exploits 1 · References 1

OSV
added 2025/04/21 3:31 p.m. · 1 views

GHSA-H75C-F2XX-9VXV OpenCMS Cross-Site Scripting vulnerability

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows a remote attacker to inject a JavaScript payload via the image title sub-field in the image field...

CVSS 5.1 · AI score 5.9 · EPSS 0.00288
Exploits 1 · References 3

OSV
added 2025/04/21 3:15 p.m. · 14 views

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows a remote attacker to inject a JavaScript payload via the image title sub-field in the image field...

CVSS 6.5 · AI score 6.4 · EPSS 0.00288
Exploits 1 · References 1

Positive Technologies
added 2025/04/21 12:0 a.m. · 5 views

PT-2025-17444 · Alkacon · Alkacon Opencms

Name of the Vulnerable Software and Affected Versions: Alkacon OpenCMS version 17.0 Description: A Cross Site Scripting vulnerability in the Create/Modify article function allows a remote attacker to inject a javascript payload via the image title sub-field in the image field. Recommendations: Fo...

CVSS 6.5 · AI score 5.9 · EPSS 0.00288
Exploits 1 · References 11

OSV
added 2025/04/10 1:39 p.m. · 4 views

GHSA-RHX4-HVX9-J387 Silverstripe Framework has a XSS vulnerability in HTML editor

Impact: A bad actor with access to edit content in the CMS could send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch...

CVSS 5.4 · AI score 5.4 · EPSS 0.00236
Exploits 0 · References 7

NVD
added 2025/04/02 7:15 a.m. · 9 views

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...

CVSS 7.5 · EPSS 0.00308
Exploits 0 · References 2

CNNVD
added 2025/04/02 12:0 a.m. · 3 views

Zabbix Cross-Site Scripting Vulnerability

Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. A cross-site scripting vulnerability exists in Zabbix that originates in cross-site scripting and could result in a JavaScript payload...

CVSS 7.5 · AI score 7.3 · EPSS 0.00308
Exploits 0 · References 2

Cvelist
added 2025/04/02 12:0 a.m. · 13 views

CVE-2025-30090

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true...

CVSS 7.2 · EPSS 0.00219
Exploits 0 · References 2