8993 matches found
CVE-2026-57732
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.4...
CVE-2026-57706
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dokan, Inc. Dokan dokan-lite allows Reflected XSS.This issue affects Dokan: from n/a through = 5.0.6...
CVE-2026-57363
The CVE-2026-57363 entry documents a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress ChatBot plugin, affecting versions up to 8.3.7. The issue arises from improper neutralization of input during web page generation, enabling XSS when data is rendered. Affected component: the Chat...
FortiWeb - Cross Site Scripting
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...
EUVD-2026-43070
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
EUVD-2026-43073
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox allows Cross-Site Scripting XSS. This issue affects Colorbox versions: from 0.0.0 to 2.1.5, from 0.0.0 to 2.2.0...
EUVD-2026-43069
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...
EUVD-2026-43115
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...
CVE-2026-55808
Drupal core is affected by CVE-2026-55808, a Cross-Site Scripting (XSS) vulnerability caused by improper validation in content uploads. The JSON:API and REST modules allow image files to be uploaded to image fields; validation checks only file extensions and not MIME types, which could let a non-...
CVE-2026-5005
CVE-2026-5005 : A stored cross-site scripting (XSS) vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals due to improper input neutralization during web page generation. Affected versions are OKRs & Goals from 28220 before 28398. The CVSS 3.1 vector ind...
CVE-2026-2342
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...
EUVD-2026-42554
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in OceanicSoft Informatics Systems Ltd. ValeApp allows Stored XSS. This issue affects ValeApp: through 09072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...
CVE-2026-2342
The CVE-2026-2342 entry describes a Stored XSS in ValeApp by OceanicSoft Informatics Systems Ltd, caused by improper neutralization of input during web page generation. Affected product: ValeApp (through 09072026). Root cause: input is not properly sanitized before rendering, enabling an attacker...
CVE-2026-11903
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Progress MOVEit Transfer Ad Hoc module. This issue affects MOVEit Transfer: from 2026.0.0 before 2026.0.1, from 2025.1.0 before 2025.1.4, from 2025.0.0 before 2025.0.8...
CVE-2026-6371 Stored XSS in Limatek's LimRAD NAC
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-6371
CVE-2026-6371 : Stored XSS in LimRAD NAC by Limatek System Inc. due to improper neutralization of input during web page generation. Affected through 08/07/2026. Documents list impact as a cross-site scripting vulnerability with a Medium severity (CVSS 3.1: AV Adjacent, AC Low, PR Low, UI Required...
PT-2026-56411
Name of the Vulnerable Software and Affected Versions Mediküm Web versions through 08072026 Description Improper neutralization of input during web page generation allows Reflected Cross-Site Scripting XSS, a flaw where malicious scripts are reflected off a web application to the victim's browser...
EUVD-2025-210435
DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage...
EUVD-2026-41596
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
EUVD-2026-41594
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...