CVE-2026-47974

Adobe Experience Manager (AEM) 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored XSS vulnerability. A low-privileged attacker can inject malicious scripts into vulnerable form fields, leading to JavaScript execution in the victim’s browser when visiting the page containing the field. ...

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

PT-2026-7606

Name of the Vulnerable Software and Affected Versions thesystem version 1.0 Description thesystem version 1.0 has a persistent cross-site scripting issue. Attackers can inject malicious scripts through several server data input fields. Specifically, crafted script payloads can be submitted in the...

CVE-2020-37072

Victor CMS 1.0 is affected by a stored cross-site scripting (XSS) flaw in the 'comment_author' POST parameter. The vulnerability allows an attacker to inject JavaScript that executes in a victim’s browser when comments are processed. Documented as CVE-2020-37072, the issue is described with a net...

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVE-2025-64850 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2025-55104 BUG-000173918 - ArcGIS Enterprise Sites has a security vulnerability.

A stored cross-site scripting XSS vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to add and store an XSS payload. If this stored XSS payload is triggered by any user attacker supplied JavaScript may execute ...

CVE-2025-47091

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

CVE-2023-38214

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

HCL Verse Cross-Site Scripting Vulnerability

HCL Verse is a mobile application for accessing emails and life plan management from HCL India. A cross-site scripting vulnerability exists in HCL Verse v10 and v11, which stems from mishandling of message content and is susceptible to stored cross-site scripting attacks XSS. A remote attacker...

CVE-2019-3747

Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in Cloud DR add-on specific field. When victim users...

Barracuda Networks IM Firewall Cross-Site Scripting Vulnerability

Barracuda Networks IM Firewall is an instant messaging solution from Barracuda Networks that integrates an IM server, client management and security measures. The solution provides keyword identification and reporting, file transfer, IM traffic identification and logging. A cross-site scripting...