CVE-2025-65270

Reflected cross-site scripting XSS vulnerability in ClinCapture EDC 3.0 and 2.2.3, allowing an unauthenticated remote attacker to execute JavaScript code in the context of the victim's browser...

CVE-2023-53976

myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title...

CVE-2025-65790

A reflected cross-site scripting XSS vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG containing an inline element, the browser executes...

WordPress GPXpress plugin cross-site scripting vulnerability

WordPress GPXpress plugin is a plugin for WordPress that is mainly used to embed aesthetically pleasing maps to display GPX paths. A cross-site scripting vulnerability exists in the WordPress GPXpress plugin, which stems from the lack of effective filtering and escaping of user-supplied data in t...

Piranha CMS 安全漏洞

Piranha CMS is Piranha CMS open source a friendly editor-centric CMS used as . A security vulnerability exists in Piranha CMS that stems from the injection of a specially crafted payload into the Excerpt field that could lead to the execution of arbitrary web script or HTML...

Piranha CMS 安全漏洞

Piranha CMS is Piranha CMS open source a friendly editor-centered CMS used as . A security vulnerability exists in Piranha CMS that stems from the injection of a specially crafted payload into the Name field that could lead to the execution of arbitrary web script or HTML...

CVE-2025-66521

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

CVE-2025-66520

A stored cross-site scripting XSS vulnerability exists in the Portfolio feature of the Foxit PDF Editor cloud pdfonline.foxit.com. User-supplied SVG files are not properly sanitized or validated before being inserted into the HTML structure. As a result, embedded HTML or JavaScript within a craft...

CVE-2025-66502

A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time the affected...

CVE-2023-53925

UliCMS 2023.1 contains a stored cross-site scripting vulnerability that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the file management interface that execute arbitrary scripts when viewed by other users...

Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the function handler in the Vega AST evaluator. An attacker can execute arbitrary scripts in the...

EUVD-2025-204371

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute i...

CVE-2024-58319

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Pages dashboard widget configuration dialog. Attackers can exploit this vulnerability to execute malicious scripts in administrative users' browsers...

CVE-2022-50681

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

CVE-2024-58323 Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the Checkbox form component. This allows malicious scripts to execute in users' browsers by exploiting HTML support in the form builder...

CVE-2022-50681 Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers...

PT-2025-52299

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. Attackers can upload files with a manipulated Content-Type that does not align with the file extension. This allows...

PT-2025-52303

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A reflected cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through administration input fields within the Rich text editor...

CVE-2025-63949

A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject malicious script via the rich text editor component of the page and form builder...