CVE-2021-47892

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...

CVE-2025-52203

A stored cross-site scripting XSS vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated attacker can inject malicious JavaScript payloads into this field, which are...

CVE-2024-6229

A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

CVE-2024-6229 Stored XSS in stangirard/quivr

A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever an...

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /addcommandaction in actionvalue. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered wh...

CVE-2023-49572

CVE-2023-49572 corresponds to a persistent XSS vulnerability in VX Search Enterprise (v10.2.14) and Disk Pulse Enterprise (v10.4.18) exploitable via /setup_odbc parameters odbc_data_source, odbc_user and odbc_password. The issue allows an attacker to store and trigger malicious JavaScript payload...

CVE-2024-28277

CVE-2024-28277 affects Sourcecodester School Task Manager v1.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the subject_name/subject name parameter, allowing an attacker to manipulate the subject’s name and potentially execute malicious JavaScript payloads. Root cause is unvalidat...

U.S. Dept Of Defense: Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████

Details: There is currently a security misconfiguration on plain.php function located on the host http://██████████/ allowing attackers to include webserver contents of their choosing no restriction on filetypes and/or IP addresses, as well as embed malicious javascript payloads in the response v...