Cross-site Scripting (XSS)

Overview kibana is an open source Apache Licensed, browser-based analytics and search dashboard for Elasticsearch. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Vega method. An attacker can execute arbitrary scripts in the context of a user's browser by...

EUVD-2025-204360

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing...

EUVD-2025-204351

RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute...

EUVD-2025-204379

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Forum Name parameter. An attacker can execute arbitrary web scripts or HTML by injecting crafted payloads. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “inject...

Cross-site Scripting (XSS)

Overview camaleoncms is a dynamic and advanced content management system based on Ruby on Rails as an alternative to Wordpress. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the post title field. An attacker can execute arbitrary JavaScript in the context of oth...

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

CVE-2024-58318

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in...

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVE-2020-36891

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute i...

CVE-2022-50680

A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information...

CVE-2023-53936 Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing...

CVE-2023-53936 Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation

Cameleon CMS 2.7.4 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts into post titles. Attackers can create posts with embedded SVG scripts that execute when other users mouse over the post title, potentially stealing...

CVE-2023-53737 Kentico Xperience <= 13.0.101 Localization Application Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface...

CVE-2023-53736 Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS

A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context...

CVE-2022-50683 Kentico Xperience <= 13.0.74 Form Configuration Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings...

CVE-2020-36889 Kentico Xperience <= 12.0.90 Administration Interface Stored XSS

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration...

python: Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...

EUVD-2023-60219

Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users...

PT-2025-52305

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A stored cross-site scripting issue exists in Kentico Xperience. This allows attackers to inject malicious scripts through the form redirect URL configuration. Successful exploitati...