CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

Cisco IP Phones 8800 Series Cross-Site Scripting (CVE-2016-1476)

Cross-site scripting XSS vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. This plugin only works with Tenable.ot. Please visit...

Scholars Tracking System Cross-Site Scripting Vulnerability

Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. Scholars Tracking System version 1.0 suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be...

SAP NetWeaver AS Cross-Site Scripting Vulnerability (CNVD-2024-13534)

SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. A cross-site scripting vulnerability exists in SAP NetWeaver AS ABAP, which stems from insufficiently coded user-controlled input in SAP GUI for...

Kirby CMS Cross-Site Scripting Vulnerability

Kirby is a document-based content management system CMS. A cross-site scripting vulnerability exists in Kirby CMS version v4.1.0, which stems from a lack of effective filtering and escaping of user-supplied data in link fields, and can be exploited by an attacker to execute arbitrary web script o...

CVE-2024-2123

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and...

Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14026)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

Customer Support System Cross-Site Scripting Vulnerability

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14027)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14028)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

Customer Support System Cross-Site Scripting Vulnerability (CNVD-2024-14025)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a cross-site scripting vulnerability that stems fro...

PT-2024-11732 · Unknown · Online Flight Booking Management System

Name of the Vulnerable Software and Affected Versions: Online Flight Booking Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter in the add-airline form. This enables the execution...

BIT-SUITECRM-2020-14208

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting XSS in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML...

BIT-MOODLE-2021-32244

Cross Site Scripting XSS in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field...

BIT-PHPLIST-2020-36398

A stored cross site scripting XSS vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module...

BIT-ODOO-2021-26263

Cross-site scripting XSS issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents...

BIT-ODOO-2021-26947

Cross-site scripting XSS issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link...

BIT-OPENFIRE-2020-24604

A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue","searchPlugin", "searchDescriptio...

BIT-MYBB-2020-19048

Cross Site Scripting XSS in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'...

BIT-ODOO-2021-44461

Cross-site scripting XSS issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim...