CVE-2026-40282

WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability allows an authenticated user to inject malicious JavaScript into the Intercorrências notification page, which is executed when user access the the page, enabling sessio...

CVE-2020-36861

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

CVE-2020-36861

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

CVE-2020-36861 Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

CVE-2020-36861 Nagios XI < 5.7.5 Core Config Manager (CCM) XSS via Overlay Rendering and Notification/Check Period Pages

The Core Config Manager CCM in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains multiple cross-site scripting XSS vulnerabilities in the overlay UI elements and the Notification/Check Period pages. Insufficient validation or escaping of user-supplied input may allow an attacker to...

EUVD-2014-9317

Malware in sbrugna...

CVE-2019-13363

admin.php?page=notificationbymail in Piwigo 2.9.5 has XSS via the nbmsendhtmlmail, nbmsendmailas, nbmsenddetailedcontent, nbmcomplementarymailcontent, nbmsendrecentpostdates, or paramsubmit parameter. This is exploitable via CSRF...

Katello Cross-Site Scripting Vulnerability (CNVD-2019-44962)

Katello is a system management engine. The product provides workflows for configuration management, subscription management and content management. A cross-site scripting vulnerability exists in the Username of the Notification page in Katello. The vulnerability stems from the WEB application's...

CVE-2013-0283

Katello: Username in Notification page has cross site scripting...

DotNetNuke Cross Site Scripting

Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits a notification page. Exploit Author: MAYASEVEN CVE :...

DotNetNuke < 9.4.0 - Cross-Site Scripting Vulnerability

Exploit for multiple platform in category web applications Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits ...

CVE-2019-12562

Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to...

Cross site scripting

Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. The exploit could be used to perfom any action with admin privileges such as managing content, adding users, uploading backdoors to...

eramba Enterprise / Community Cross Site Scripting

Exploit Title: eramba Enterprise & Community Editions Stored XSS Author: Yunus YILDIRIM Th3GundY Team: CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website: www.yunus.ninja Contact: [email protected] 1. ADVISORY INFORMATION ======================= Product: eramba Open-Source IT GRC...

CVE-2014-9500

Cross-site scripting XSS vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback...

CVE-2014-9500

Cross-site scripting XSS vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notification page callback...