30 matches found

ATTACKERKB
added 2026/03/31 8:41 a.m. | 0 views

CVE-2025-10553

A Stored Cross-site Scripting XSS vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVSS 8.7 | AI score 6.2 | EPSS 0.00037
Exploits: 0 | References: 2
NVD
added 2026/03/11 9:16 p.m. | 2 views

CVE-2026-32124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...

CVSS 5.4 | EPSS 0.00052
Exploits: 1 | References: 1
CVE
added 2026/03/11 12:23 a.m. | 5 views

CVE-2026-27261

This CVE entry is rejected/not used per the Initial Description.

AI score 5.8 | EPSS 0.0003
Exploits: 0
CNNVD
added 2026/02/04 12:00 a.m. | 3 views

Movable Type Cross-Site Scripting Vulnerability

Movable Type is a content management system developed by Movable Type Inc. Movable Type has a cross-site scripting vulnerability, which stems from a stored-cross-site scripting vulnerability present in the comment editing feature. This vulnerability could allow arbitrary scripts to be executed on...

CVSS 5.4 | AI score 6.2 | EPSS 0.00014
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/29 12:00 a.m. | 5 views

PT-2025-53770

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The software suffers from an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for the injection of malicious scripts into web pages. Th...

CVSS 4.8 | AI score 6.8 | EPSS 0.00019
Exploits: 0 | References: 4
OSV
added 2025/12/18 8:15 p.m. | 1 views

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

CVSS 5.4 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 2
Snyk
added 2025/11/03 7:46 p.m. | 2 views

Cross-site Scripting (XSS)

Overview getgrav/grav is a Modern, Crazy Fast, Ridiculously Easy and Amazingly Powerful Flat-File CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via exposed input parameters. An administrator can execute arbitrary JavaScript code in the context of the user's...

CVSS 6.1 | AI score 5.5 | EPSS 0.00036
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 1 views

EUVD-2025-29671

Malicious code in bioql PyPI...

CVSS 5.1 | AI score 6.4 | EPSS 0.0008
Exploits: 0 | References: 2
Snyk
added 2025/10/01 12:30 a.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rich text field in web content articles. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted input to this field. Details Cross-site scripting or XSS is a code...

CVSS 5.5 | AI score 5.5 | EPSS 0.00031
Exploits: 0 | References: 2
Snyk
added 2025/09/23 3:31 p.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Publisher portal. An attacker can execute arbitrary JavaScript in the context of another user's browser by uploading a crafted API document containing malicious scripts. This can lead to unauthorized UI...

CVSS 4.8 | AI score 5.5 | EPSS 0.00025
Exploits: 0 | References: 2
Snyk
added 2025/08/23 3:30 a.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the components tab. An attacker can execute arbitrary web script or HTML by injecting malicious content that is rendered in the user's browser. Details Cross-site scripting or XSS is a code vulnerability tha...

CVSS 6.1 | AI score 5.3 | EPSS 0.00041
Exploits: 0 | References: 2
Snyk
added 2025/08/19 3:31 p.m. | 6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message boards feature available through the web interface. An attacker can execute arbitrary JavaScript code in the context of other users by injecting malicious scripts into messages. Details Cross-sit...

CVSS 5.4 | AI score 5.4 | EPSS 0.00041
Exploits: 0 | References: 2
CVE
added 2025/06/24 4:37 a.m. | 13 views

CVE-2025-43877

CVE-2025-43877 affects Elecom WRC-1167GHBK2-S: stored cross-site scripting in WebGUI enabling script execution in a user’s browser upon WebGUI access. Affected product scope includes all versions of WRC-1167GHBK2-S (per JVN/Red Hat entries); no explicit firmware version fix is provided in the con...

CVSS 5.4 | AI score 6.2 | EPSS 0.00138
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 7:18 a.m. | 10 views

CVE-2024-8653

A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and ...

CVSS 6.1 | AI score 6.4 | EPSS 0.00166
Exploits: 0 | References: 1
NVD
added 2025/05/07 6:15 p.m. | 9 views

CVE-2025-46824

The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...

CVSS 3.1 | EPSS 0.00161
Exploits: 0 | References: 4
RedhatCVE
added 2025/02/05 1:37 p.m. | 6 views

CVE-2020-26225

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link. The problem was introduced in version 4.0.0 and is fixed in 4.2.0...

CVSS 8.7 | AI score 6.7 | EPSS 0.00305
Exploits: 0
OSV
added 2024/06/13 8:15 a.m. | 0 views

CVE-2024-26060

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2024/06/06 6:24 p.m. | 57 views

CVE-2024-3402

CVE-2024-3402 affects gaizhenbiao/chuanhuchatgpt version 20240121. A stored XSS vulnerability arises from inadequate sanitization/validation of the model output data, allowing injection/execution of arbitrary JavaScript in the context of other users’ browsers and potentially hijacking victims’ se...

CVSS 6.8 | AI score 5.8 | EPSS 0.00197
Exploits: 1 | References: 1 | Affected Software: 1
Hacker One
added 2023/05/02 1:31 p.m. | 95 views

inDrive: XSS on terra-6.indriverapp.com

A Cross-Site Scripting XSS vulnerability was discovered on the terra-6.indriverapp.com domain that allowed javascript code execution in users' browsers...

AI score 6.4
Exploits: 0
Prion
added 2018/12/20 5:29 p.m. | 11 views

Cross site scripting

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...

CVSS 3.5 | AI score 5 | EPSS 0.0104
Exploits: 1 | References: 1 | Affected Software: 1