75 matches found
CVE-2025-45755
A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improper...
CVE-2025-45755
Vulnerable software: Vtiger CRM Open Source Edition v8.3.0. The issue is a Stored Cross-Site Scripting (XSS) vulnerability exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload mapped to the Service Name field; when uploaded, the applica...
PT-2024-30556 · Khoj · Khoj
Name of the Vulnerable Software and Affected Versions: Khoj versions prior to 1.15.0 Description: The Automation feature in Khoj allows users to insert arbitrary HTML inside task instructions, resulting in a Stored XSS. The q parameter for the "/api/automation" endpoint does not get correctly...
CVE-2023-6424
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/diseasesymptomsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an...
CVE-2022-23051
PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svgfile' parameter...
CVE-2021-4046
The mtxtNom and mtxtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data...
CVE-2022-23047
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the "Site/Organization Name", "Site Title" and "Site Header" parameters while updating the site settings on "/exponentcms/administration/configuresite"...
CVE-2021-29459
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistered users can fill simple text fields. Registered users can fill in their personal information...
Xwiki Platform Cross-Site Scripting Vulnerability
Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. XWiki Platform has a cross-site scripting vulnerability that can be exploited by attackers to persistently inject scripts...
CVE-2020-15536
An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields...
Playable 9.18 Script Insertion / Arbitrary File Upload
Document Title: Playable v9.18 iOS - Multiple Web Vulnerabilities · References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2198 · Release Date: 2020-04-16 · Vulnerability Laboratory ID (VL-ID): 2198...
phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Title: phpVirtualBox / CSRF - Stored XSS Discovered by: @codexlynx Software Version: //lib/ajax.php" name="csrf" " / 2Stored XSS -------------------------------- Many fields don't sanitize inputs. This vulnerability could allow a user role...
CVE-2017-5256
In version 3.5 and prior of Cambium Networks ePMP firmware, all authenticated users have the ability to update the Device Name and System Description fields in the web administration console, and those fields are vulnerable to persistent cross-site scripting (XSS) injection...
CVE-2017-11320
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router...
Bugcrowd Persistent Script Injection / Filter Bypass
Document Title: Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability · References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1830 · ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b · Release Date: 2016-05-10...
ZyXel WAP3205 Cross-Site Scripting Vulnerability
ZyXEL WAP3205 is a wireless broadband router from ZyXEL Technology. The ZyXel WAP3205 suffers from a cross-site scripting vulnerability that could allow an authenticated attacker to insert persistent malicious script into a page...
eBay Magento Persistent Script Insertion
Document Title: Ebay Magento Bug Bounty 10 - Persistent Filename Vulnerability · References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1457 · eBay Inc. Bug Bounty Program ID: EIBBP-31603 · Video: https://www.youtube.com/watch?v=WffsHd8pibE · Release...
SevDesk 1.1 Persistent Script Insertion
Document Title: SevDesk v1.1 iOS - Persistent Dashboard Vulnerability · References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1311 · Release Date: 2015-04-23 · Vulnerability Laboratory ID (VL-ID): 1311...
GeniXCMS 0.0.1 Cross Site Scripting
GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP...
GeniXCMS 0.0.1 - Multiple Vulnerabilities
GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate...