60 matches found

Vulnrichment
added 2025/06/10 5:43 p.m. · 3 views

CVE-2025-36577

Dell Wyse Management Suite, versions prior to WMS 5.2, contain an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection...

CVSS 6.1 · AI score 7.2 · EPSS 0.00336
Exploits: 0 · References: 1

Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-25018 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier
Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...

CVSS 5.5 · AI score 5.5 · EPSS 0.00268
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 12:1 p.m. · 9 views

CVE-2025-23036

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the precadastrofuncionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

CVSS 6.4 · AI score 6 · EPSS 0.00311
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 11:59 a.m. · 10 views

CVE-2025-22613

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the informacaoadicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

CVSS 6.4 · AI score 5.4 · EPSS 0.0034
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 6:34 p.m. · 7 views

CVE-2021-32737

Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged-in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, on...

CVSS 8.4 · AI score 7 · EPSS 0.00665
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 10:41 p.m. · 4 views

CVE-2002-2339

Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags...

CVSS 4.3 · AI score 5.9 · EPSS 0.01499
Exploits: 1 · References: 1

CVE
added 2025/05/14 11:1 p.m. · 51 views

CVE-2025-47783

Label Studio

CVSS 7.6 · AI score 7 · EPSS 0.00451
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2025/05/13 1:15 a.m. · 11 views

CVE-2025-30009

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim's browser. This vulnerability has low impact on confidentiality and...

CVSS 6.1 · EPSS 0.00255
Exploits: 0 · References: 2

CVE
added 2025/05/06 3:46 p.m. · 52 views

CVE-2025-22479

Summary: CVE-2025-22479 affects Dell Storage Center / Dell Storage Manager, version 20.0.21. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal that could allow an unauthenticated, adjacent-network attacker to inject scripts. The public docume...

CVSS 4.3 · AI score 7.4 · EPSS 0.00227
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/05/06 3:25 p.m. · 9 views

CVE-2025-23379

Dell Storage Center - Dell Storage Manager, versions 21.0.20, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Script...

CVSS 3.5 · EPSS 0.00214
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/29 12:0 a.m. · 3 views

PT-2025-18292 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 4.5.1 through 15.10.12; XWiki versions 16.0.0-rc-1 through 16.4.3; XWiki versions 16.5.0-rc-1 through 16.7.0-rc-1
Description: The Solr script service in XWiki does not account for dropped programming rights. Normally, the Solr...

CVSS 3.8 · AI score 6.4 · EPSS 0.00321
Exploits: 1 · References: 12

NVD
added 2025/04/28 3:15 p.m. · 17 views

CVE-2025-23377

Dell PowerProtect Data Manager Reporting, versions 19.17, 19.18 contains an Improper Encoding or Escaping of Output vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to inject arbitrary web script or html in reporting outputs...

CVSS 4.2 · EPSS 0.00129
Exploits: 0 · References: 1

NVD
added 2025/04/02 1:15 a.m. · 16 views

CVE-2025-27693

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection...

CVSS 4.9 · EPSS 0.00201
Exploits: 0 · References: 1

NVD
added 2025/03/20 2:15 p.m. · 13 views

CVE-2025-29410

A cross-site scripting (XSS) vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...

CVSS 6.1 · EPSS 0.00208
Exploits: 1 · References: 2

NVD
added 2025/01/13 9:15 p.m. · 8 views

CVE-2025-22619

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editarpermissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...

CVSS 6.4 · EPSS 0.0033
Exploits: 1 · References: 2

NVD
added 2025/01/03 4:15 p.m. · 16 views

CVE-2024-56321

GoCD is a continuous delivery server. GoCD versions 18.9.0 through 24.4.0 inclusive can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. I...

CVSS 3.8 · EPSS 0.00537
Exploits: 0 · References: 4

CNVD
added 2024/12/13 12:0 a.m. · 8 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2025-02841)

Adobe Connect is software for creating meeting environments from the American company Adobe. A security vulnerability exists in Adobe Connect that can be exploited by an attacker to inject malicious scripts into vulnerable form fields...

CVSS 6.1 · AI score 6.6 · EPSS 0.0032
Exploits: 0 · References: 1

CNVD
added 2023/12/19 12:0 a.m. · 6 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9998692)

Adobe Experience Manager (AEM) is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 7 · EPSS 0.00562
Exploits: 0 · References: 1

Vulnrichment
added 2023/10/30 1:49 p.m. · 5 views

CVE-2023-5049 Giveaways and Contests by RafflePress <= 1.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepressgutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied...

CVSS 6.4 · AI score 6.8 · EPSS 0.00482
Exploits: 0 · References: 4

Vulnrichment
added 2023/02/06 12:0 a.m. · 9 views

CVE-2022-48311

UNSUPPORTED WHEN ASSIGNED: Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows an authenticated attacker to inject their own script into the page via the HTTP configuration page. NOTE: This vulnerability only affects products tha...

AI score 6 · EPSS 0.01006
Exploits: 1 · References: 1