CVE-2026-23891

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

CVE-2026-23891

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

CVE-2026-23891

Summary (CVE-2026-23891, Decidim) : A stored code execution vulnerability exists in the user name field for Decidim versions

PT-2026-32446

Name of the Vulnerable Software and Affected Versions Decidim versions prior to 0.30.5 Decidim versions 0.31.0.rc1 through 0.31.0 Description A stored code execution issue in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively...

CVE-2023-43191

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker,...

CVE-2025-60298

CVE-2025-60298 affects Novel-Plus up to version 5.2.4, with a Stored XSS via the /author/updateIndexName endpoint. The indexName parameter is stored in the database and executed when other users view the affected book chapter, enabling authenticated attackers to inject JavaScript. CVSSv3.1 base s...

EUVD-2019-13405

Malware in sbrugna...

Perfex CRM 跨站脚本漏洞

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...

PT-2024-5260 · Rsa · Archer Platform

Name of the Vulnerable Software and Affected Versions: Archer Platform versions prior to 6.8 2024.06 Archer Platform versions 6.8 before 2024.06 Archer Platform versions 6.14 before 6.14.0.4 Archer Platform versions 6.13 before 6.13.0.4 Description: The issue is related to the lack of protection ...

CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability

DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...

GLPI 跨站脚本漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

DEBIAN-CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

UBUNTU-CVE-2022-39285

ZoneMinder is a free, open source Closed-circuit television software application The file parameter is vulnerable to a cross site scripting vulnerability XSS by backing out of the current "tr" "td" brackets. This then allows a malicious user to provide code that will execute when a user views the...

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

Cross site scripting

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the...

CVE-2019-7250

An issue was discovered in the Cross Reference Add-on 36 for Google Docs. Stored XSS in the preview boxes in the configuration panel may allow a malicious user to use both label text and references text to inject arbitrary JavaScript code via SCRIPT elements, event handlers, etc.. Since this code...

October CMS < 1.0.431 - Cross-Site Scripting

​​ Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Categor...

October CMS 1.0.431 - Cross-Site Scripting

October CMS 1.0.431 - Cross-Site Scripting ​​ Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till dat...

October CMS Cross Site Scripting

Exploit Title: October CMS Stored Code Injection Date: 16-02-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from 1.0.431 CVE : CVE- 2018-7198 Category:...