12 matches found
CVE-2026-7481
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...
EUVD-2026-30240
GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...
CVE-2026-44369
CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...
BIT-GITLAB-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...
PT-2026-32229
Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser...
CVE-2026-4332
GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...
Bematech MP-4200 TH 跨站脚本漏洞
The Bematech MP-4200 TH is a thermal receipt printer produced by the British company Bematech. The Bematech MP-4200 TH has a cross-site scripting vulnerability. This vulnerability stems from a cross-site scripting vulnerability present in the administrator configuration page, which may allow...
CVE-2025-53523
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...
CVE-2025-63417
A Stored Cross-Site Scripting XSS vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat message input field. This malicious content is stored and then executed in the context of other users'...
PhpUploader 跨站脚本漏洞
PhpUploader is a simple Php uploader by the Japanese individual developer Shimosyan. PhpUploader suffers from a cross-site scripting vulnerability that stems from insufficient handling of user-supplied data. A remote attacker can exploit this vulnerability to permanently inject and execute...
Chamilo LMS Cross-Site Scripting Vulnerability (CNVD-2016-02403)
Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. Chamilo LMS suffers from a cross-site scripting vulnerability that ste...
RWiki cross-site scripting vulnerability
Overview RWiki, software written in Ruby providing Wiki functions, contains a cross-site scripting vulnerability, as content is not adequately escaped for display. Impact A remote attacker could upload content containing malicious code to a server running vulnerable RWiki. As a result, an arbitra...