CVE-2026-21290

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may...

CVE-2025-12872 aEnrich｜eHRD - Stored Cross-Site Scripting

The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will execute on the client side when a user is tricked into visiting a specific URL...

EUVD-2025-60950

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

Magento vulnerable to stored Cross-Site Scripting (XSS)

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

CVE-2025-47041

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

Stored Cross-Site Scripting (XSS)

microweber is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability lies in the "Dashboard" module, allowing an attacker to inject a malicious script which will be executed once a user visits the affected page...

Cross-site Scripting (XSS)

intelliants/subrion is vulnerable to cross-site scripting XSS. An attacker can inject xss payload on the “payment gateway” column and save the entry to get it executed when a user visits the page...

CVE-2020-35396

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting XSS via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website...

Cross-site Scripting (XSS)

Croogo is vulnerable to cross-site scripting XSS. The attacker can inject malicious script in the title parameter of admin/menus/menus or admin/taxonomy/vocabularies, causing the malicious script to be executed when a user visits the page...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...

Click Logger

Added: 09/30/2009 Background This tool runs an exploit server which simply returns an error page and logs which users visited it. It can be used to find out which users were susceptible to clicking on the link in an e-mail message. Limitations The target must be present in the license key but is...