EUVD-2025-35655

Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may be executed on the web browser of the user who accesses Edit CategorySet of...

EUVD-2011-1709

Malware in sbrugna...

EUVD-2017-10131

Malware in sbrugna...

CVE-2025-41439

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product...

CVE-2023-38569

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product...

CVE-2024-52857

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-41930

Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product...

CVE-2024-41705

A stored XSS issue was discovered in Archer Platform 6.8 before 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the...

JVN#56781258: Splunk Config Explorer vulnerable to cross-site scripting

Splunk Config Explorer provided by Chris Younger contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is using the product. Solution Update the software Update the software to the latest version according to...

CVE-2024-26018

Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a...

Dell iDRAC9 Cross-site Scripting (CVE-2021-21543)

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. Wh...

CVE-2023-47215

Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

CVE-2023-37502 An unrestricted file upload vulnerability affects HCL Compass

HCL Compass is vulnerable to lack of file upload security. An attacker could upload files containing active code that can be executed by the server or by a user's web browser...

CVE-2020-29496

Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with high privileges could exploit this vulnerability to store malicious HTML or JavaScript code while creating the Enduser. When victim users access the...

Cross site scripting

Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the...

JVN#56167268: HumHub vulnerable to cross-site scripting

HumHub is a software framework for developing a social networking service SNS. HumHub contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provide...

JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting

Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...

JVN#23981867: Multiple cross-site scripting vulnerabilities in Cybozu Garoon

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the...

JVN#63650108: Smarty vulnerable to cross-site scripting

Smarty is a template engine for PHP. Smarty contains a cross-site scripting vulnerability when displaying an error message. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the...

JVN#76515037: PukiWiki Plus! vulnerable to cross-site scripting

PukiWiki Plus! is a software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...