XikeStor SKS8310-8X cross-site scripting vulnerability
The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. XikeStor SKS8310-8X versions 1.04.B07 and earlier have a cross-site scripting vulnerability. This vulnerability stems from stored cross-site scripting in the System Name field,...
Chamilo cross-site scripting vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in the course learning path settings field, which could lead to storage-bas...
Chamilo cross-site scripting vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in social networking and internal messaging functions, which could lead to...
Chamilo cross-site scripting vulnerability
Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.34 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient input validation in the course description field, which could lead to stored cross-si...
WordPress plugin Fluent Forms Pro cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin My Calendar – Accessible Event Manager cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress plugin Envira Gallery cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
HomeBox cross-site scripting vulnerability
HomeBox is an open-source project developed by SysAdmins Media, designed for home users. Versions of HomeBox prior to 0.24.0-rc.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the project’s attachment upload feature, where the types of uploaded files were not...
dify cross-site scripting vulnerability
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.11.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the relaxed security settings when Mermaid charts were rendered in chat messages, potentially leading to...
NocoDB cross-site scripting vulnerability
NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a cross-site scripting vulnerability. This vulnerability occurred due to insufficient sanitization durin...
WordPress plugin wpForo Forum cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The wpFo...
PluXml CMS cross-site scripting vulnerability
PluXml CMS is a database-free content management system developed by the French company PluXml. Versions 5.8.21 and 5.9.0-rc7 of PluXml CMS contain cross-site scripting vulnerabilities. These vulnerabilities stem from stored cross-site scripting in the file upload feature, which may allow f...
Statamic cross-site scripting vulnerability
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Statamic versions 5.73.11 and earlier, as well as 6.4.0 and earlier, had a cross-site scripting vulnerability. This...
Audiobookshelf cross-site scripting vulnerability
Audiobookshelf is an open-source, self-hosted server for audio books and podcasts. Versions of Audiobookshelf prior to 2.32.0 contained a cross-site scripting vulnerability. This vulnerability was caused by malicious library metadata, leading to stored cross-site scripting, which could...
Mercator cross-site scripting vulnerability
Mercator is an ecosystem visualization software developed by Didier Barzin. Versions of Mercator before 2026.02.22 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of unescaped Blade directives in the display templates, which could lead to stored...
Craft CMS cross-site scripting vulnerability
Craft CMS is an open-source content management system developed by Craft CMS. Versions of Craft CMS from 4.5.0-RC1 to 4.16.18, as well as from 5.0.0-RC1 to 5.8.22, have a cross-site scripting vulnerability. This vulnerability stems from improper sanitization of the html column type input in the...
GetSimple CMS cross-site scripting vulnerability
GetSimple CMS is an open-source content management system developed by GetSimple CMS. Version 3.3.16 of GetSimple CMS has a cross-site scripting vulnerability. This vulnerability stems from improper output encoding of user inputs for the slug field in component functions. It may lead to...
Bludit cross-site scripting vulnerability
Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.2 of Bludit contains a cross-site scripting vulnerability. This vulnerability arises from the fact that post content sanitization is only performed on the client side, while equivalent sanitization is n...
Statamic cross-site scripting vulnerability
Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.8 and earlier, as well as versions 6.0.0-alpha.1 through 6.3.1, had a cross-site scripting...
phpMoAdmin cross-site scripting vulnerability
phpMoAdmin is a MongoDB database management tool developed by Valentin Hilbig. Version 1.1.5 of phpMoAdmin contains a cross-site scripting vulnerability, which stems from improper sanitization of collection parameters. This vulnerability may lead to stored cross-site scripting attacks...