Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in the site frontend

TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The attack requires an authenticated Panel user with update permission to any list field or list block. This vulnerability is of high severity fo...

Endian Firewall name parameter cross-site scripting vulnerability

Endian Firewall is a network security firewall system from Endian. A cross-site scripting vulnerability exists in the Endian Firewall name parameter, which stems from improper cleanup of the name parameter input in /manage/qos/classes/, and can be exploited by an attacker to inject malicious...

CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Blogs Posts Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Categories Description The application fails to properly sanitize user-controlled input wh...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Company Information configuration fields within the system settings. An attacker can execute arbitrary JavaScript in...

CVE-2022-37028

ISAMS 22.2.3.2 is prone to stored Cross-site Scripting XSS attack on the title field for groups, allowing an attacker to store a JavaScript payload that will be executed when another user uses the application...

CVE-2021-41029

A improper neutralization of input during web page generation 'cross-site scripting' in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device and trigger it via crafted HTTP requests...

CVE-2025-69007 WordPress Popping Sidebars and Widgets Light plugin <= 1.27 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Stored XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...

Xenforo 跨站脚本漏洞

Xenforo is a forum software from Xenforo, Inc. A cross-site scripting vulnerability exists in Xenforo version 2.2.13, which stems from improper cleaning of the smilie category header parameter and could lead to a stored cross-site scripting attack...

Podcast Generator 跨站脚本漏洞

Podcast Generator is an open source set of free podcast publishing scripts written in PHP by PodcastGenerator. A cross-site scripting vulnerability exists in Podcast Generator version 3.2.9, which stems from improper cleaning of the podcast title field and could lead to a stored cross-site...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

WordPress plugin WP Carticon 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

EUVD-2020-29670

Malware in sbrugna...

EUVD-2021-11641

Malware in sbrugna...

EUVD-2020-5664

Malware in sbrugna...

EUVD-2024-43227

Malicious code in bioql PyPI...

EUVD-2025-16910

Malicious code in bioql PyPI...

EUVD-2023-41426

Malicious code in bioql PyPI...

EUVD-2022-39682

Malicious code in bioql PyPI...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

WordPress plugin Countdown Timer for Elementor 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...