CVE-2021-47716 Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CSmessage', and 'name' to execute arbitrary JavaScript code in victim's browse...
CVE-2021-47738 CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging
CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attackers can send messages with script payloads in the user-agent header, which will execute when an admin views the message in the backend...
CVE-2021-47732
CMSimple 5.2 is affected by a stored cross-site scripting (XSS) vulnerability in the Filebrowser external input field. The issue allows an attacker to inject unfiltered JavaScript that executes when a user clicks the Page or Files tabs, enabling persistent script injection. Affected product/versi...
CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
MAL-2025-192752 Malicious code in @google_recaptcha/js (npm)
Source: amazon-inspector bd0346120a6f0d866aebe59ca9ae06c02e28849fc3840a412edcc81a2ab54ded The package @google_recaptcha/js was found to contain malicious code. Source: ghsa-malware...
Stored XSS
Overview: Affected versions of this package are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the...
CVE-2025-66845
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in TechStore version 1.0. The username endpoint reflects the id query parameter directly into the HTML response without output encoding or sanitization, allowing execution of arbitrary JavaScript code in a victim’s browser...
CVE-2025-14635 Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_page_custom_js' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2025-204795
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_page_custom_js' parameter in all versions up to, and including, 3.20.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-14635
CVE-2025-14635 concerns the Happy Addons for Elementor WordPress plugin. The connected Wordfence report explicitly ties this to an authenticated stored cross-site scripting (XSS) vulnerability via the ha_page_custom_js parameter, affecting version range up to and including 3.20.3. Root cause: ins...
MAL-2025-192844 Malicious code in node-calculator-f483 (npm)
Source: amazon-inspector 84a5e8d3f7bc17fcc1c20611e0b98235c4015291f1fe1af1f31497d604654663 The package node-calculator-f483 was found to contain malicious code...
EUVD-2025-204885
Malicious code in elf-stats-sprucey-giftbox-118 npm...
EUVD-2023-60238
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title...
CVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross-Site Scripting (XSS). Due to lack of JavaScript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel...
PT-2025-52736
Name of the Vulnerable Software and Affected Versions: Happy Addons for Elementor versions up to and including 3.20.3. Description: The Happy Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the ha_page_custom_js parameter. Insufficient input sanitizati...
CVE-2025-65790
A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...
firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation in the JavaScript Engine: JIT component...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...