CVE-2024-13859

The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bpnouveauajaxmediasave’ function in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin Able Player cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Able Playe...

CVE-2025-23377

CVE-2025-23377 affects Dell PowerProtect Data Manager Reporting (versions 19.17–19.18). The issue is improper encoding/escaping of output in reporting outputs, enabling a high-privileged local attacker to inject arbitrary web script or HTML into reports. The connected PT-Security advisory notes t...

CVE-2024-53568

A stored cross-site scripting XSS vulnerability in the Image Upload section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the tag parameter...

CVE-2023-43378

A cross-site scripting XSS vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVE-2024-41447

A stored cross-site scripting XSS vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVE-2025-29209

TOTOLINK X18 v9.1.0cu.2024B20220329 has an unauthorized arbitrary command execution in the enable parameter' of the sub41105C function of cstecgi .cgi...

phpIPAM cross-site scripting vulnerability (CNVD-2025-06929)

phpIPAM is phpIPAM open source set of open source PHP and MySQL based IP address management application IPAM. phpIPAM suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

StudentServlet-JSP Cross-Site Scripting Vulnerability

StudentServlet-JSP is a student course grades teacher information management system . StudentServlet-JSP has a cross-site scripting vulnerability , the vulnerability stems from the parameter Name on the user-supplied data lack of effective filtering and escaping , an attacker to exploit the...

ForestBlog keywords parameter cross-site scripting vulnerability

ForestBlog is a blogging system. A cross-site scripting vulnerability exists in ForestBlog 20250321 and earlier versions, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter keywords, and can be exploited by an attacker to execute arbitrary Web...

BIT-DOLIBARR-2020-7994

Multiple cross-site scripting XSS vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 labellibelle parameter to the /htdocs/admin/dict.php?id=3 page; the 2 nameconstname parameter to the /htdocs/admin/const.php?mainmenu=home page; the 3...

Yonyou UFIDA ERP-NC /menu.jsp file cross-site scripting vulnerability

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...

Yonyou UFIDA ERP-NC /help/top.jsp file cross-site scripting vulnerability

Yonyou UFIDA ERP-NC is a kind of Enterprise Resource Planning ERP software, which is mainly used for financial management, supply chain management, production management and customer relationship management of enterprises. Yonyou UFIDA ERP-NC suffers from a cross-site scripting vulnerability that...

phpIPAM Device Management Partial Cross-Site Scripting Vulnerability

phpIPAM is phpIPAM open source set of open source PHP and MySQL based IP address management application IPAM. A cross-site scripting vulnerability exists in phpIPAM version 1.5.2, which stems from the lack of effective filtering and escaping of user-supplied data in the Device Management section,...

ChuanhuChatGPT Cross-Site Scripting Vulnerability

ChuanhuChatGPT is an application that provides a lightweight and easy-to-use web GUI and many additional features for a wide range of LLMs such as ChatGPT. ChuanhuChatGPT suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping o...

Apache Oozie Cross-Site Scripting Vulnerability

Apache Oozie is an application from the Apache Apache Foundation, USA. Provides a workflow scheduler system for managing Apache Hadoop job functions. Apache Oozie has a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied...

CVE-2025-1490

CVE-2025-1490 concerns the WordPress plugin Smart Maintenance Mode . The vulnerability is a Reflected Cross-Site Scripting via the setstatus parameter in all versions up to 1.5.2, due to insufficient input sanitization and output escaping. This could allow unauthenticated attackers to inject scri...

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 through update 92 in the Frontend JS module's...

CVE-2025-2369

A vulnerability was found in TOTOLINK EX1800T up to 9.1.0cu.2112B20220316. It has been classified as critical. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument admpass leads to stack-based buffer overflow. It is possible to launch the atta...

CVE-2024-13497

The WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via attachment uploads in all versions up to, and including, 8.0.9 due to insufficient input sanitization and output escaping. This makes it possib...