CVE-2020-10469

Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

CVE-2020-25343

Cross-site scripting XSS vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML to fields'body' param via events\event.publisharticle.php...

CVE-2020-29455

A cross-Site Scripting XSS vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter e.g., street or country...

CVE-2020-35309

Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross-site scripting XSS which allows remote attackers to inject an arbitrary web script or HTML in admin dashboard - "Categories"...

CVE-2020-25011

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser...

CVE-2020-26642

A cross-site scripting XSS vulnerability has been discovered in the login page of SeaCMS version 11 which allows an attacker to inject arbitrary web script or HTML...

CVE-2020-23208

A stored cross site scripting XSS vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Send test" field under the "Start or continue campaign" module...

CVE-2020-20699

A cross site scripting XSS vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings...

CVE-2014-7983

Cross-site scripting XSS vulnerability in comcontact in Joomla! CMS 3.1.2 through 3.2.x before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-3842

Multiple cross-site scripting XSS vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 decrypt or 2 encrypt parameter...

CVE-2014-3923

Multiple cross-site scripting XSS vulnerabilities in the Digital Zoom Studio DZS Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to 1 preview.swf, 2 previewskinrouge.swf, 3 previewallchars.swf, or 4 previewskinoverlay.swf...

CVE-2014-5101

Multiple cross-site scripting XSS vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 TPLname, 2 TPLnick, 3 TPLemail, 4 TPLyear, 5 TPLaddress, 6 TPLcity, 7 TPLprov, 8 TPLzip, 9 TPLphone, 10 TPLppemail, 11 TPLauthnetid, 12 TPLauthnetpass, 13...

CVE-2014-9740

Cross-site scripting XSS vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the 1 question and 2...

CVE-2014-9516

Cross-site scripting XSS vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI, related to the "Web Site" input in the Profile section...

CVE-2014-9103

Multiple cross-site scripting XSS vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 index value of an array parameter or the filename parameter in the Content-Disposition header to the 2 file or 3 profile image...

CVE-2014-8307

Multiple cross-site scripting XSS vulnerabilities in skins/default/outline.tpl in C97net Cart Engine before 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 path parameter in the "drop down TOP menu with path" section or 2 printthispage variable in the footercontentbloc...

CVE-2018-1000219

OpenEMR version v5014 contains a Cross Site Scripting XSS vulnerability in The 'scan' parameter in line 41 of interface/fax/faxview.php that can result in The vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.. This attack appear to be exploitable via...

CVE-2018-8047

vtiger CRM 7.0.1 is affected by one reflected Cross-Site Scripting XSS vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts=List app parameter...

CVE-2010-3314

Cross-site scripting XSS vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2010-5018

Cross-site scripting XSS vulnerability in products/classified/headersearch.php in 2daybiz Online Classified Script allows remote attackers to inject arbitrary web script or HTML via the sid parameter...