Lucene search

7612 matches found

RedhatCVE
added 2025/05/22 5:54 p.m., 8 views

CVE-2020-25476

Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...

CVSS 6.1, AI score 5.8, EPSS 0.0045
Exploits: 0
OSV
added 2025/05/22 5:33 p.m., 3 views

CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...

CVSS 6.3, AI score 5.6, EPSS 0.0014
Exploits: 1, References: 3
RedhatCVE
added 2025/05/22 5:0 p.m., 6 views

CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...

CVSS 5.4, AI score 6.4, EPSS 0.00206
Exploits: 1
RedhatCVE
added 2025/05/22 5:0 p.m., 4 views

CVE-2020-22655

In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...

CVSS 7.5, AI score 6.8, EPSS 0.00201
Exploits: 0
RedhatCVE
added 2025/05/22 4:43 p.m., 5 views

CVE-2020-5769

Insufficient output sanitization in Teltonika firmware TRB2R00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section...

CVSS 5.4, AI score 5.8, EPSS 0.00157
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 4:43 p.m., 5 views

CVE-2020-5749

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted group...

CVSS 5.4, AI score 5.6, EPSS 0.00157
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 4:37 p.m., 8 views

CVE-2020-35126

Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy...

CVSS 4.8, AI score 6.1, EPSS 0.00207
Exploits: 0
RedhatCVE
added 2025/05/22 4:27 p.m., 7 views

CVE-2020-5191

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities...

CVSS 6.1, AI score 6.1, EPSS 0.03324
Exploits: 3
RedhatCVE
added 2025/05/22 4:23 p.m., 4 views

CVE-2020-15536

An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields...

CVSS 6.1, AI score 6.1, EPSS 0.0019
Exploits: 2
RedhatCVE
added 2025/05/22 4:20 p.m., 6 views

CVE-2020-14294

An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board...

CVSS 6.1, AI score 6, EPSS 0.00615
Exploits: 2
RedhatCVE
added 2025/05/22 3:51 p.m., 5 views

CVE-2020-15597

SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statutes Comment, Places Comment, or Resources Comment field...

CVSS 5.4, AI score 5.9, EPSS 0.00206
Exploits: 1
RedhatCVE
added 2025/05/22 3:49 p.m., 6 views

CVE-2020-11556

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent stored and reflected XSS vulnerabilities...

CVSS 5.4, AI score 6.1, EPSS 0.00281
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 3:48 p.m., 5 views

CVE-2020-14223

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack...

CVSS 6.1, AI score 5.5, EPSS 0.00359
Exploits: 0
RedhatCVE
added 2025/05/22 3:46 p.m., 6 views

CVE-2020-23048

SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters...

CVSS 6.1, AI score 5.8, EPSS 0.00328
Exploits: 1
RedhatCVE
added 2025/05/22 3:43 p.m., 4 views

CVE-2020-9019

The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description...

CVSS 6.1, AI score 6, EPSS 0.0049
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 3:39 p.m., 5 views

CVE-2020-5746

Insufficient output sanitization in TCExam 14.2.2 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by creating a crafted test...

CVSS 5.4, AI score 5.6, EPSS 0.00157
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 3:14 p.m., 4 views

CVE-2020-15535

An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields...

CVSS 6.1, AI score 6.1, EPSS 0.0019
Exploits: 2
RedhatCVE
added 2025/05/22 3:13 p.m., 5 views

CVE-2020-5205

In Pow Hex package before 1.0.16, the use of Plug.Session in Pow.Plug.Session is susceptible to session fixation attacks if a persistent session store is used for Plug.Session, such as Redis or a database. Cookie store, which is used in most Phoenix apps, doesn't have this vulnerability...

CVSS 6.5, AI score 6.8, EPSS 0.00302
Exploits: 0
RedhatCVE
added 2025/05/22 3:12 p.m., 4 views

CVE-2020-13427

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...

CVSS 6.1, AI score 6.1, EPSS 0.00234
Exploits: 1
RedhatCVE
added 2025/05/22 1:29 p.m., 5 views

CVE-2018-7278

An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP 2.1 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP...

CVSS 6.1, AI score 6.5, EPSS 0.00223
Exploits: 1, References: 1