CVE-2022-20932

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVE-2022-20833

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVE-2022-20840

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVE-2020-3532

A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...

VulnCheck KEV: CVE-2024-11182

MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...

CVE-2025-27084

A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting XSS attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the...

CVE-2025-20203

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against users of the interface of an affected system. The...

Cisco TelePresence Management Suite XSS (cisco-sa-tms-xss-vuln-WbTcYwxG)

According to its self-reported version, Cisco TelePresence Management Suite is affected by a cross-site scripting vulnerability. - A vulnerability in the web-based management interface of Cisco TelePresence Management Suite TMS could allow a low-privileged, remote attacker to conduct a cross-site...

CVE-2025-0828

A stored Cross-site Scripting XSS vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0830

Mode C: CVE-2025-0830 is a stored XSS vulnerability in ENOVIA Change Manager (Meeting Management) affecting 3DEXPERIENCE R2022x through R2024x. The issue enables an attacker to execute arbitrary script code in a user’s browser session. Documented impact in the public CVE entry indicates low confi...

CVE-2025-0830 Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0599 Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0595

CVE-2025-0595 is a stored Cross-site Scripting (XSS) vulnerability in 3DSwymer’s 3DDashboard, affecting releases R2022x through R2024x. The issue enables an attacker to execute arbitrary script code in a user’s browser session, via the vulnerable component (3DDashboard) in the 3DEXPERIENCE enviro...

Dassault Systèmes ENOVIA Collaborative Industry Innovator 安全漏洞

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an important toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

CVE-2025-20116

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...

CVE-2025-20116 Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...

Cisco Unified Communications Manager XSS (cisco-sa-cucm-xss-9zmfHyZ)

According to its self-reported version, Cisco Unified Communications Manager running on the report host is affected by a cross-site scripting XSS vulnerability. Due to improper validation of suer-supplied input by the web-based management interface, an unauthenticated, remote attacker can execute...

Cisco AsyncOS Cross-Site Scripting Vulnerability (CNVD-2025-03528)

Cisco AsyncOS is an operating system for Cisco devices from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS that originates from improper user input validation and can be exploited by a remote attacker to execute arbitrary script code or access sensitive information via a...

CVE-2022-43524

A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute...

CVE-2025-20180

CVE-2025-20180 affects Cisco AsyncOS for Cisco Secure Email and Web Manager and Secure Email Gateway. The flaw is a stored cross-site scripting (XSS) caused by insufficient validation of user input in the web-based management interface. An authenticated attacker with at least Operator privileges ...