Lucene search

6714 matches found

RedhatCVE
added 2026/01/09 9:32 a.m. | 8 views

CVE-2024-39457

Cybozu Garoon 6.0.0 to 6.0.1 contains a cross-site scripting vulnerability in PDF preview. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser...

CVSS 5.4 | AI score 6.3 | EPSS 0.00235
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:30 a.m. | 4 views

CVE-2023-29043

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain...

CVSS 6.1 | AI score 6.9 | EPSS 0.00331
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:17 a.m. | 4 views

CVE-2025-23362

The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser. Versions 2.3.2 and 2.4.0 were reported as...

CVSS 6.1 | AI score 6.4 | EPSS 0.00333
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:13 a.m. | 8 views

CVE-2022-31029

AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like in the field marked with "Domain to look for" and hitting enter or clicking on any of the buttons will execute the script. The user must be logged in to use this vulnerability. Usually only...

CVSS 5.9 | AI score 7.1 | EPSS 0.00393
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:5 a.m. | 2 views

CVE-2024-41943

I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will...

CVSS 4.6 | AI score 7.1 | EPSS 0.00263
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 9:0 a.m. | 4 views

CVE-2023-29523

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write acces...

CVSS 9.9 | AI score 8.1 | EPSS 0.01999
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:58 a.m. | 4 views

CVE-2023-45135

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In org.xwiki.platform:xwiki-platform-web versions 7.2-milestone-2 until 14.10.12 and org.xwiki.platform:xwiki-platform-web-templates prior to versions 14.10.12 and 15.5-rc-1, it is possible to...

CVSS 9 | AI score 7.6 | EPSS 0.01741
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 8:45 a.m. | 31 views

CVE-2022-38754

A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM Operations Bridge Manager user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is on...

CVSS 8 | AI score 6.4 | EPSS 0.00623
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/09 8:20 a.m. | 1 views

CVE-2026-0627 AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload

The AMP for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 1.1.10. This is due to insufficient sanitization of SVG file content that only removes tags while allowing other XSS vectors such as event handlers onload,...

CVSS 6.4 | AI score 4.4 | EPSS 0.00188
Exploits: 0 | References: 4

OSV
added 2026/01/09 7:16 a.m. | 1 views

CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

CVSS 7.8 | AI score 6
Exploits: 0 | References: 1

CVE
added 2026/01/09 6:17 a.m. | 12 views

CVE-2026-20976

Galaxy Store (Samsung) before version 4.6.02 suffers from improper input validation that allows a local attacker to execute arbitrary scripts. Affected product/version details are consistently reported across CVE entries and Red Hat/CIRCL/CNNVD mirrors indicate Galaxy Store prior to 4.6.02 is vul...

CVSS 7.8 | AI score 6.7 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/01/09 6:17 a.m. | 2 views

CVE-2026-20976

Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script...

CVSS 5.1 | AI score 6.7 | EPSS 0.00145
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/09 12:0 a.m. | 3 views

PT-2026-2057

Name of the Vulnerable Software and Affected Versions: Samsung Galaxy Store versions prior to 4.6.02. Description: A flaw exists in the Galaxy Store application where insufficient input validation can allow a local attacker to execute arbitrary script. The issue affects the Galaxy Store application...

CVSS 5.1 | AI score 7.3 | EPSS 0.00145
Exploits: 0 | References: 4

CNNVD
added 2026/01/09 12:0 a.m. | 1 views

SAMSUNG Galaxy Store Security Vulnerability

SAMSUNG Galaxy Store is an application store by Samsung South Korea. A security vulnerability exists in SAMSUNG Galaxy Store versions prior to 4.6.02 that stems from improper input validation and could lead to the execution of arbitrary scripts...

CVSS 7.8 | AI score 6.8 | EPSS 0.00145
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/08 5:22 p.m. | 5 views

CVE-2026-22028

A flaw was found in Preact, a lightweight web development framework. A security regression allows an attacker to bypass JSON serialization protection, leading to HTML injection. This vulnerability arises when applications process unsanitized data from external sources, allowing malicious JSON to ...

CVSS 9.2 | AI score 6.5 | EPSS 0.00227
Exploits: 1 | References: 4

CVE
added 2026/01/07 11:11 p.m. | 7 views

CVE-2019-25270

SOCA Access Control System 180612 is affected by a reflected XSS in the senddata POST parameter of logged_page.php (also referred to as logged page.php in PT-2026-1674). The root cause is improper handling/encoding of user-supplied data, allowing attackers to inject and execute arbitrary HTML/scr...

CVSS 6.1 | AI score 6.2 | EPSS 0.00198
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/07 9:49 a.m. | 4 views

CVE-2022-27231

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product...

CVSS 6.1 | AI score 6.4 | EPSS 0.00962
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:49 a.m. | 8 views

CVE-2022-27330

A cross-site scripting XSS vulnerability in /public/admin/index.php?addproduct of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field...

CVSS 5.4 | AI score 5.8 | EPSS 0.00526
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:38 a.m. | 4 views

CVE-1999-0268

MetaInfo MetaWeb web server allows users to upload, execute, and read scripts...

CVSS 10 | AI score 6.8 | EPSS 0.0592
Exploits: 0 | References: 1

OpenVAS
added 2026/01/07 12:0 a.m. | 2 views

phpMyFAQ XSS Vulnerability (GHSA-jv8r-hv7q-p6vc)

phpMyFAQ is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyfaq:phpmyfaq"...

CVSS 6.1 | AI score 6.3 | EPSS 0.0023
Exploits: 0 | References: 1