31 matches found

EUVD
added 3 days ago | 6 views

EUVD-2026-35383

A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 6. The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory names. These payloads are stored and executed when...

8.8 CVSS | 6 AI score | 0.00192 EPSS
Exploits 0 | References 1

ATTACKERKB
added 2026/06/04 1:22 p.m. | 6 views

CVE-2019-25743

WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the...

6.4 CVSS | 5.6 AI score | 0.00031 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/05/20 4:35 a.m. | 9 views

CVE-2026-9056

Talend Administration Center is affected by a stored XSS vulnerability (CVE-2026-9056). An attacker with server-management permissions can store an XSS payload that is triggered when another user visits the affected interface. Documented as stored XSS with user interaction required; no explicit e...

5.4 CVSS | 5.5 AI score | 0.00029 EPSS
Exploits 0 | References 1

EUVD
added 2026/05/19 9:9 p.m. | 8 views

EUVD-2026-30987

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

8.7 CVSS | 6 AI score | 0.00037 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/13 8:39 p.m. | 5 views

EUVD-2026-30157

CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting XSS vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious JavaScript payloads into multiple fields during the creation or modification of a product. These...

4.8 CVSS | 5.8 AI score | 0.00029 EPSS
Exploits 0 | References 1

CNNVD
added 2026/05/07 12:0 a.m. | 5 views

FreeScout cross-site scripting vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained a cross-site scripting vulnerability. This vulnerability occurred because users with the "updateAutoReply"...

7.6 CVSS | 5.7 AI score | 0.00038 EPSS
Exploits 0 | References 1

Snyk
added 2026/04/01 10:6 p.m. | 3 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the page management process. An attacker can execute arbitrary JavaScript in the browsers of administrators, authenticated users, and...

9.1 CVSS | 6 AI score | 0.00058 EPSS
Exploits 1 | References 2

Snyk
added 2026/04/01 12:10 a.m. | 1 view

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in group and role management fields. An attacker can execute arbitrary JavaScript in the context of an administrator's brows...

9.1 CVSS | 6 AI score | 0.00025 EPSS
Exploits 1 | References 2

CVE
added 2026/03/30 8:24 p.m. | 7 views

CVE-2026-34557

CI4MS is a CodeIgniter 4–based CMS skeleton. Prior to version 0.31.0.0, it fails to sanitize user input in group/role management, allowing three group-related fields to carry malicious JavaScript that is stored server-side and later rendered in privileged admin views without proper encoding, caus...

9.1 CVSS | 5.7 AI score | 0.00025 EPSS
Exploits 1 | References 1 | Affected Software 1

NVD
added 2026/01/16 7:16 p.m. | 3 views

CVE-2021-47835

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remot...

7.2 CVSS | 0.00042 EPSS
Exploits 0 | References 4

Positive Technologies
added 2026/01/16 12:0 a.m. | 2 views

PT-2026-3290

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remot...

7.2 CVSS | 7.4 AI score | 0.00042 EPSS
Exploits 0 | References 5

RedhatCVE
added 2025/12/17 8:7 a.m. | 3 views

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1 CVSS | 6 AI score | 0.00024 EPSS
Exploits 0 | References 1

NVD
added 2025/12/16 7:15 p.m. | 1 view

CVE-2025-65592

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS in the product management functionality. Malicious payloads inserted into the "Product Name" and "Short Description" fields are stored in the backend database and executed automatically whenever a user views the affected pages...

6.1 CVSS | 0.00024 EPSS
Exploits 0 | References 3

RedhatCVE
added 2025/12/14 12:2 p.m. | 5 views

CVE-2025-41080

A flaw was found in Seafile. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious payloads with the POST parameter 'p' in '/api/v2.1/repos/repoid/file/', leading to a stored Cross-Site Scripting XSS. Mitigation Restrict network access to the...

6.1 CVSS | 6.5 AI score | 0.00027 EPSS
Exploits 0 | References 4

OSV
added 2025/12/02 6:30 p.m. | 3 views

GHSA-CCHQ-397M-Q2QM Grav CMS is vulnerable to Cross Site Scripting (XSS) in the page editor

Grav CMS 1.7.49 is vulnerable to Cross Site Scripting XSS. The page editor allows authenticated users to edit page content via a Markdown editor. The editor fails to properly sanitize tags, allowing stored XSS payloads to execute when pages are viewed in the admin interface...

6.1 CVSS | 5.7 AI score | 0.00033 EPSS
Exploits 1 | References 3

CVE
added 2025/12/02 12:0 a.m. | 10 views

CVE-2025-65186

Summary (CVE-2025-65186): Grav CMS 1.7.49 is reported vulnerable to Cross Site Scripting (XSS) via the page editor. The Markdown editor does not adequately sanitize script tags, enabling stored XSS payloads that execute when pages are viewed in the admin interface. Affected component: the admin/p...

6.1 CVSS | 5.4 AI score | 0.00033 EPSS
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2025/10/14 12:0 a.m. | 2 views

SAP Application Server for ABAP code injection vulnerability

SAP Application Server for ABAP is a load balancing, memory management platform from SAP, Germany. A code injection vulnerability exists in SAP Application Server for ABAP that originates from allowing an authenticated attacker to store a malicious JavaScript payload that could lead to a cross-si...

5.4 CVSS | 6.4 AI score | 0.00032 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-52997

Malicious code in bioql PyPI...

6.1 CVSS | 6.6 AI score | 0.00673 EPSS
Exploits 0 | References 1

RedhatCVE
added 2025/09/24 12:28 a.m. | 10 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

4.8 CVSS | 6.2 AI score | 0.00073 EPSS
Exploits 1 | References 1

OSV
added 2025/09/22 8:15 p.m. | 2 views

CVE-2025-57203

MagicProject AI version 9.1 is affected by a Cross-Site Scripting XSS vulnerability within the chatbot generation feature available to authenticated admin users. The vulnerability resides in the prompt parameter submitted to the /dashboard/user/generator/generate-stream endpoint via a...

4.8 CVSS | 6.2 AI score | 0.00073 EPSS
Exploits 1 | References 1