7647 matches found
CVE-2022-40435
Employee Performance Evaluation System v1.0 was discovered to contain a persistent cross-site scripting XSS vulnerability via adding new entries under the Departments and Designations module...
CVE-2022-39869
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVEPERSISTENTBANNER broadcast...
CVE-2022-36637
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting XSS vulnerability via the brandname parameter at /brand.php...
CVE-2022-1075
A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=savecontact of the component Contact Handler. The manipulation leads to persistent cross site scripting. The attack may be launched...
CVE-2021-43991
The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting XSS vulnerability also known as Stored or Second-Order XSS. Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting XSS. Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting XSS vulnerability within the hyperlink creation module...
CVE-2021-38756
Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through prescribe.php...
CVE-2021-42119
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then...
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting XSS, as demonstrated by the /server/ajax/eventsmanager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the sit...
CVE-2021-39866
A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens...
CVE-2021-3166
An issue was discovered on ASUS DSL-N14U-B1 1.1.2.3805 devices. An attacker can upload arbitrary file content as a firmware update when the filename SettingsDSL-N14U-B1.trx is used. Once this file is loaded, shutdown measures on a wide range of services are triggered as if it were a real update,...
CVE-2021-22499
Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack...
CVE-2021-40678
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batchmanager=unit...
CVE-2021-32793
Pi-hole's Web interface provides a central location to manage a Pi-hole instance and review performance statistics. Prior to Pi-hole Web interface version 5.5.1, the function to add domains to blocklists or allowlists is vulnerable to a stored cross-site-scripting vulnerability. User input added ...
CVE-2020-25833
Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack...
CVE-2020-25476
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting XSS vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected...
CVE-2025-48369 GroupOffice vulnerable to Stored XSS in Tasks Comment Section
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting XSS vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to execute arbitrary JavaScript by uploading an fil...
CVE-2020-22167
PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data...
CVE-2020-22655
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 SCG200 before 3.6.2.0.795, SmartZone 100 SZ-100 before 3.6.2.0.795, SmartZone 300 SZ300 before 3.6.2.0.795, Virtua...
CVE-2020-5769
Insufficient output sanitization in Teltonika firmware TRB2R00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting XSS attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section...