CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...
CVE-2025-3189 Stored Cross-Site Scripting (XSS) in DoWISP
Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of a stored XSS through the upload of a profile picture in SVG format with malicious JavaScript code in it...
CVE-2025-2597 Reflected Cross-Site Scripting (XSS) vulnerability in ITIUM 6050
Reflected Cross-Site Scripting (XSS) in ITIUM 6050 version 5.5.5.2-b3526 from Impact Technologies. This vulnerability could allow an attacker to execute malicious JavaScript code via GET and POST requests to the ‘/index.php’ endpoint and injecting code into the ‘idsession...
CVE-2024-0640 Stored XSS in chatwoot/chatwoot
A stored cross-site scripting (XSS) vulnerability exists in chatwoot/chatwoot versions 3.0.0 to 3.5.1. This vulnerability allows an admin user to inject malicious JavaScript code via the dashboard app settings, which can then be executed by another admin user when they access the affected dashboard...
CVE-2025-2150
The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email...
CVE-2020-26221
touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser...
CVE-2025-22132 WeGIA has a Cross-Site Scripting (XSS) in File Upload Field
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controlaxlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute...
Cross-Site Scripting (XSS)
Piranha is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient validation of uploaded PDF files, allowing authenticated remote attackers to upload crafted files containing malicious JavaScript code that executes when a victim interacts with the file in their web...
CVE-2024-54043
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2024-48120
X2CRM v8.5 is affected by a stored XSS in the Opportunities module. The vulnerability allows an authenticated attacker to inject JavaScript via the Name field when creating a list, with the payload stored and later triggered. Evidence consistently references a stored XSS path in the Opportunities...
CVE-2024-40111
A persistent stored cross-site scripting (XSS) vulnerability has been identified in Automad 2.0.0-alpha.4. This vulnerability enables an attacker to inject malicious JavaScript code into the template body. The injected code is stored within the flat file CMS and is executed in the browser of any us...
CVE-2024-37392
A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SM...
CVE-2024-43006
ZZCMS2023 contains a stored XSS in /user/ask_edit.php?action=add via the content parameter. When an attacker injects JavaScript in content and a user loads ask/show_{newsid}.html, the script runs in the user’s browser, potentially stealing cookies or session tokens. Affected component: ZZCMS2023,...
CVE-2024-3402 Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt
A stored Cross-Site Scripting (XSS) vulnerability existed in version 20240121 of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model,...
CVE-2024-5520 Cross-Site Scripting stored in Alkacon OpenCMS
Two Cross-Site Scripting vulnerabilities have been discovered in Alkacon's OpenCMS affecting version 16, which could allow a user with sufficient privileges to create and modify web pages through the admin panel to execute malicious JavaScript code after inserting code in the “title” field...
CVE-2024-32733 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to missing input validation and output encoding of untrusted data, SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject malicious JavaScript code into the dynamically crafted web page. On successful exploitation the attacker can access or modify...
CVE-2024-4174
CVE-2024-4174 is a Cross-Site Scripting (XSS) vulnerability in Hyperion Web Server, affecting version 2.0.15. The issue allows an attacker to execute malicious JavaScript in the client by injecting code into the URL. Documented impact is client-side code execution; no exploitation vectors or in-t...
Cross-site Scripting (XSS)
LibreNMS is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of the Service template name, which is reflected in the delete button's onclick event. This allows malicious JavaScript code to be stored and executed...
CVE-2024-1602 Stored XSS leading to RCE in parisneo/lollms-webui
parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within t...