Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to allowing the `javascript:` URL scheme for links created based on workspace content. Details: Cross-site scripting (or XSS) is a code vulnerability that occurs when an attacker “injects” a malicious script into...
CVE-2024-53970
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2024-53970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-2163
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorumsetoptions function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-29782 WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `tipo`
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo`...
SAP NetWeaver Application Server ABAP Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server ABAP is an application server from SAP for running ABAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP that originates from allowing malicious scripts to be executed within the application. An attacker can exploi...
Reflected Cross-Site Scripting (Reflected XSS)
laravel/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper encoding of route parameters in the debug-mode error page, which allows an attacker to inject and execute malicious scripts in a victim’s browser by tricking them into visiting a...
SAP NetWeaver Application Server Cross-Site Scripting Vulnerability
SAP NetWeaver Application Server ABAP is an application server from SAP for running ABAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server ABAP that originates from allowing malicious scripts to be executed within the application. An attacker can exploi...
Cross-site Scripting (XSS)
redaxo/source is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of the rex-api-result parameter due to insufficient input validation, allowing attackers to inject malicious scripts on the AddOns page...
Stored Cross-site Scripting (XSS)
github.com/matrix-org/pinecone is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user input, allowing malicious scripts to be stored and later executed when accessed by users...
PT-2025-9871 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0. Description: The issue is related to Cross Site Scripting (XSS) in the Create assignment function, allowing attackers to execute malicious scripts in the context of other users. Recommendations: For Unifiedtransform...
Linux Distros Unpatched Vulnerability : CVE-2022-46165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Syncthing is an open source, continuous file synchronization program. In versions prior to 1.23.5 a compromised instance with shared folders could sync maliciou...
Linux Distros Unpatched Vulnerability : CVE-2023-29455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The scrip...
CVE-2025-25477
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...
Stored Cross-site Scripting (XSS)
leantime/leantime is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization and output encoding, allowing attackers to inject malicious scripts that get stored and executed when retrieved by users...
Cross-site Scripting (XSS)
leantime/leantime is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input validation due to the lack of sanitization of the `$_GET["id"]` parameter, allowing an attacker to inject malicious scripts...
Stored Cross-site Scripting (XSS)
moodle/moodle is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to insufficient sanitization of user-inputted data in the site administration live log, allowing malicious scripts to be stored and executed when viewed...
Reflected Cross-site Scripting (XSS)
github.com/oxyno-zeta/s3-proxy is vulnerable to Reflected Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization in the folder-list template, allowing attackers to inject malicious scripts through the `Request.URL.Path` variable...
PT-2025-7832 · Unknown · Rustaurius Front End Users
Name of the Vulnerable Software and Affected Versions: Rustaurius Front End Users versions 3.2.30 and earlier. Description: The issue is related to improper neutralization of input during web page generation, which leads to a Stored XSS vulnerability. This allows for the storage of malicious scrip...