ITP ITS Intelligent SCADA System 跨站脚本漏洞

ITP ITS Intelligent SCADA System is an industrial automation monitoring and data acquisition platform developed by ITP, a company from Taiwan, China. The ITP ITS Intelligent SCADA System has a cross-site scripting vulnerability, which stems from stored-xss scripts. This vulnerability may allow...

CVE-2026-9144 Taiko AG1000-01A Rev 7.3/8 Stored XSS via Web Configuration Interface

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

EUVD-2026-31191

Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web configuration interface that allows authenticated attackers to execute persistent JavaScript by fragmenting malicious payloads across multiple administrative form fields...

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

CVE-2026-3107

Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...

CVE-2025-59904

The CVE-2025-59904 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, triggered by multiple parameters in the /kForms/app endpoint. The issue allows malicious scripts to be injected and executed in the context of users accessing the affected resource, indicating a clie...

CVE-2025-59904

Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...

CVE-2025-59904 Stored Cross-Site Scripting vulnerability in Kubysoft

Stored Cross-Site Scripting XSS vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing the affected resource...

Kubysoft 跨站脚本漏洞

Kubysoft is an IT asset management software developed by the Spanish company Kubysoft. Kubysoft has a cross-site scripting vulnerability. This vulnerability stems from multiple parameters in the /forms/app endpoint, which are vulnerable to storage-based cross-site scripting attacks. This may allo...

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

PT-2026-5562

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

CVE-2020-37003

Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple address input fields like full name, company, and address to execute persistent script code that...

CVE-2026-23725

WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...

CVE-2021-47732

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVE-2023-53906

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...

EUVD-2023-60224

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...

CVE-2023-53906 ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page

projectSend r1605 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript through the custom assets configuration page. Attackers can craft a JavaScript payload in the custom assets section that will execute when other users loa...

PT-2025-51944

Name of the Vulnerable Software and Affected Versions projectSend version r1605 Description The software contains a stored cross-site scripting issue. Authenticated administrators can inject malicious JavaScript through the custom assets configuration page. An attacker can create a JavaScript...

PT-2025-45474

Name of the Vulnerable Software and Affected Versions SourceCodester User Account Generator version 1.0 Description A Cross-Site Scripting XSS issue exists in SourceCodester User Account Generator version 1.0. This allows remote attackers to execute arbitrary JavaScript code within a user’s brows...