CVE-2023-43267

A cross-site scripting XSS vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field...

CVE-2023-43376

A cross-site scripting XSS vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter...

CVE-2023-43875

Multiple Cross-Site Scripting XSS vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost, dbname, dbuser, adminusername and adminemail...

CVE-2023-49977

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...

CVE-2023-49540

Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter...

CVE-2023-49971

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

CVE-2023-49976

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...

CVE-2023-49985

A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cname parameter...

CVE-2023-31506

A cross-site scripting XSS vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element...

CVE-2023-4821

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts...

CVE-2025-11453

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2018-9328

PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the terfrom or tag parameter to results.php...

CVE-2018-19646

The Python CGI scripts in PWS in Imperva SecureSphere 13.0.10, 13.1.10, and 13.2.10 allow remote attackers to execute arbitrary OS commands because command-line arguments are mishandled...

CVE-2009-4014

Multiple format string vulnerabilities in Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allow remote attackers to have an unspecified impact via vectors involving 1 check scripts and 2 the Lintian::Schedule module...

CVE-2021-41870

An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files...

CVE-2021-33371

A stored cross-site scripting XSS vulnerability in /navbaraction.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box...

CVE-2021-22651

When loading a specially crafted file, Luxion KeyShot versions prior to 10.1, Luxion KeyShot Viewer versions prior to 10.1, Luxion KeyShot Network Rendering versions prior to 10.1, and Luxion KeyVR versions prior to 10.1 are, while processing the extraction of temporary files, suffering from a...

CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-11453 Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Header and Footer Scripts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the inpostheadscript parameter in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2025-11453

CVE-2025-11453 affects the Header and Footer Scripts WordPress plugin. Root cause: insufficient input sanitization and output escaping in _inpost_head_script, enabling Stored XSS. Affected versions up to 2.2.2; Wordfence notes patching in subsequent releases (2.3.0+). Impact: authenticated attack...