27433 matches found
CVE-2009-3856
Cross-site scripting (XSS) vulnerability in the default URI in news/ in Twilight CMS before 4.1 allows remote attackers to inject arbitrary web script or HTML via the calendar parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-3521
Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2001-1516
Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews...
CVE-2009-2454
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-2448
Cross-site scripting (XSS) vulnerability in ogpshow.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the searchchoice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-2447
Multiple cross-site scripting (XSS) vulnerabilities in ogpshow.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter...
CVE-2008-7121
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar...
CVE-2009-2440
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2005-4167
Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php...
CVE-2007-6365
Cross-site scripting (XSS) vulnerability in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 allows remote attackers to inject arbitrary web script or HTML via the month parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-0437
Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp i...
CVE-2008-5842
Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified...
CVE-2006-7238
Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2006-6534
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selectedbox parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languagesdefinitions.php, o...
PYSEC-2025-124
Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, session hijacking, unauthorized actions on behalf of the user, and other attack...
CVE-2025-29690
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...
Security Vulnerability in Multiple TOTOLINK Products
TOTOLINK A3100R and others are products of China's Gion Electronics TOTOLINK. TOTOLINK A3100R is a series of wireless routers. TOTOLINK A950RG is an Ultra Generation Giga wireless router. TOTOLINK T10 is a wireless network system router. A security vulnerability exists in several TOTOLINK products...
CVE-2025-45236
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
TOTOLINK N150RT IP Port Filtering Component Cross-Site Scripting Vulnerability
The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the IP Port Filtering component, whi...
IBM Operational Decision Manager Cross-Site Scripting Vulnerability
IBM Operational Decision Manager is a decision management solution from International Business Machines (IBM) used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...