159 matches found
CVE-2023-27245
A cross-site scripting XSS vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module...
CVE-2023-24234
A stored cross-site scripting XSS vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter...
CVE-2022-28102
A cross-site scripting XSS vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php...
CVE-2022-48007
A stored cross-site scripting XSS vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent...
CVE-2022-45225
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the booktitle parameter...
CVE-2022-44947
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in the Highlight Row feature at /index.php?module=entities/listingtypesid=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note fiel...
CVE-2022-34562
A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the status box...
CVE-2022-25022
A cross-site scripting XSS vulnerability in Htmly v2.8.1 allows attackers to excute arbitrary web scripts HTML via a crafted payload in the content field of a blog post...
CVE-2022-44390
A cross-site scripting XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Record Number text field...
CVE-2021-34190
A stored cross site scripting XSS vulnerability in index.php?menu=billingrates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module...
CVE-2021-46558
Multiple cross-site scripting XSS vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields...
CVE-2020-23618
A reflected cross site scripting XSS vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page...
CVE-2020-35984
A stored cross site scripting XSS vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter...
CVE-2020-35985
A stored cross site scripting XSS vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter...
CVE-2020-19286
A stored cross-site scripting XSS vulnerability in the /question/detail component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the source field of the editor...
CVE-2020-36502
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...
CVE-2020-21929
A stored cross site scripting XSS vulnerability in the webcopyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML...
CVE-2020-20701
A stored cross site scripting XSS vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
CVE-2020-19950
A cross-site scripting XSS vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type
XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...