Oracle Content Server - Cross-Site Scripting

Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site. id: CVE-2017-100...

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

CVE-2024-48531

CVE-2024-48531 is a reflected XSS vulnerability in the Rental Availability module of eSoft Planner 3.24.08271-USA. The issue allows an attacker to execute arbitrary code in a user’s browser by injecting a crafted payload. The CVSS v3.1 base score is 5.4 (MEDIUM): Network vector, low attack comple...

CVE-2024-48534

The CVE-2024-48534 entry corresponds to a reflected cross-site scripting (XSS) vulnerability in the Camp Details module of eSoft Planner 3.24.08271-USA. Across sources (NVD, Red Hat, CNNVD, CVE records, PT- security, and enrichment feeds), the issue is described as an attacker injecting a crafted...

CVE-2024-48531

A reflected cross-site scripting XSS vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVE-2023-2332 Stored Cross-site Scripting (XSS) in pimcore/pimcore

A stored Cross-site Scripting XSS vulnerability exists in the Conditions tab of Pricing Rules in pimcore/pimcore versions 10.5.19. The vulnerability is present in the From and To fields of the Date Range section, allowing an attacker to inject malicious scripts. This can lead to the execution of...

CVE-2021-3841

CVE-2021-3841 affects sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2, where stored XSS can be triggered via SVG files uploaded or rendered by the application. The root cause is an SVG handling vulnerability that allows injection of malicious scripts executed in the user’s browser. Im...

CVE-2021-3841 Stored Cross-site Scripting (XSS) in sylius/sylius

sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting XSS through SVG files. This vulnerability allows attackers to inject malicious scripts that can be executed in the context of the user's browser...

GHSA-79JV-5226-783F OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...

OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand

Summary The export-rows command can be used in such a way that it reflects part of the request verbatim, with a Content-Type header also taken from the request. An attacker could lead a user to a malicious page that submits a form POST that contains embedded JavaScript code. This code would then ...

CVE-2024-46655

A reflected cross-site scripting XSS vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL...

MAL-2024-8727 Malicious code in esdjiw (npm)

The package contains obfuscated code to load content from a suspicious external domain in the user's browser --- -= Per source details. Do not edit below this line.=-...

CVE-2024-7938

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2024-5624 Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL

Reflected Cross-Site Scripting XSS in Shift Logbook application of B&R APROL = R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's browser session...

CVE-2024-44777

A reflected cross-site scripting XSS vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

CVE-2024-44778

CVE-2024-44778 is a reflected XSS in the parent parameter of the vTiger CRM 7.4.0 index page. The vulnerability allows an attacker to execute arbitrary code in the context of a user’s browser by injecting a crafted payload, with PoCs circulating (e.g., a provided demo/PoC URL). Public references ...

CVE-2024-43006

A stored cross-site scripting XSS vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/askedit.php?action=add, which includes malicious JavaScript code in the 'content' parameter. Whe...

CVE-2024-43006

ZZCMS2023 contains a stored XSS in /user/ask_edit.php?action=add via the content parameter. When an attacker injects JavaScript in content and a user loads ask/show_{newsid}.html, the script runs in the user’s browser, potentially stealing cookies or session tokens. Affected component: ZZCMS2023,...