1736 matches found
CVE-2026-8253
A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. Affected by this vulnerability is an unknown functionality of the file /inventory/purchasesave. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available a...
CVE-2023-43951
SSCMS 7.2.2 was discovered to contain a cross-site scripting XSS vulnerability via the Column Management component...
CVE-2023-43353
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component...
CVE-2023-49486
JFinalCMS v5.0.0 was discovered to contain a cross-site scripting XSS vulnerability in the model management department...
CVE-2023-4167
A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...
CVE-2023-40869
Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the editmenu, copuon, and groupcategorias functions...
CVE-2018-6002
The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php warsoundypreview parameter...
CVE-2022-33154
The schema aka Embedding schema.org vocabulary extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS...
CVE-2022-37796
In Simple Online Book Store System 1.0 in /adminbook.php the Title, Author, and Description parameters are vulnerable to Cross Site ScriptingXSS...
CVE-2022-0884
The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting attacks even when unfilteredhtml is disallowed...
CVE-2017-12655
Cross-Site Scripting XSS exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action...
CVE-2020-12811
An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting XSS via the Identify Provider name field...
CVE-2020-23049
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting XSS vulnerability in the Displayname field when using the Add, Edit or Register' functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2015-0917
Cross-site scripting XSS vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php...
CVE-2021-41142
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and...
CVE-2022-42985
The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform cross-site scripting XSS...
CVE-2023-29183
An improper neutralization of input during web page generation 'Cross-site Scripting' vulnerability CWE-79 in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated...
CVE-2021-22260
A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the...
CVE-2025-23591
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in blulogistics1 blu Logistics blu-logistics allows Reflected XSS.This issue affects blu Logistics: from n/a through = 1.0.0...
CVE-2025-23452
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Reflected XSS.This issue affects EditionGuard for WooCommerce – eBook Sales...