CVE-2026-3837

An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...

CVE-2024-58293

Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic...

CVE-2025-60343

Multiple buffer overflows in the AdvSetMacMtuWan function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service DoS via injecting a crafted payload into the wanMTU, wanSpeed, cloneType, mac, serviceName, serverName, wanMTU2, wanSpeed2, cloneType2, mac2, serviceName2, and...

GHSA-XP8G-32QH-MV28 Decap CMS Cross Site Scripting (XSS) vulnerability

Decap CMS through 3.8.3 is vulnerable to stored Cross-Site Scripting XSS in the admin preview pane. User-controlled fields e.g., title, description, tags, and body are rendered in the preview without sufficient sanitization/escaping. An attacker with low-privilege author/contributor access can...

CVE-2025-4250

A vulnerability was found in code-projects Nero Social Networking Site 1.0. It has been classified as critical. This affects an unknown part of the file /index.php. The manipulation of the argument fname/lname/login/password2/cpassword/address/cnumber/email/gender/propic/month leads to sql...

CVE-2023-42627

Multiple stored cross-site scripting XSS vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a 1...

Dell PowerScale OneFS 跨站脚本漏洞

Dell PowerScale OneFS is an operating system from Dell USA Inc. Dell PowerScale OneFS is a cross-site scripting vulnerability that can be exploited by attackers to store malicious HTML or JavaScript code via multiple affected fields...

Cross site scripting

Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields first name, last name, and logon name when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the...

Easily Explore Your Log Data with a Single Query in InsightIDR

We are delighted to announce that Log Search now supports grouping by multiple fields in your log data. By running a single query, you can easily drill down into your log data for in-depth analysis, while still getting an overall view of your data. Read on to find out how to get this rich insight...

Cross site scripting

Sahi Pro 8.0.0 has a script manager arena located at s/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter can be used to trigger...

CVE-2015-4103

Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service host interrupt handling confusion via vectors related to qemu and accessing spanning multiple fields...

CVE-2013-2885

Use-after-free vulnerability in Google Chrome before 28.0.1500.95 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to not properly considering focus during the processing of JavaScript events in the presence of a multiple-fields...

SQL-Ledger < 2.6.27 Multiple Fields SQL Injection

Binary data 4237.prm...