WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. id: CVE-2022-45038 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

phpIPAM - 1.6 - Cross-Site Scripting

phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

MindPalette NateMail 3.0.15 - Cross-Site Scripting

MindPalette NateMail 3.0.15 is susceptible to reflected cross-site scripting which could allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note...

WordPress Yuzo <5.12.94 - Cross-Site Scripting

WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because it mistakenly expects that isadmin verifies that the request comes from an admin user it actually only verifies that the request is for an admin page. An unauthenticated attacker can consequently inje...

WordPress JNews Theme <8.0.6 - Cross-Site Scripting

WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability. It does not sanitize the catid parameter in the POST request /?ajax-request=jnews with action=jnewsbuildmegacategory. id: CVE-2021-24342 info: name: WordPress JNews Theme =8.0.6 to mitigate the XSS...

Seo Panel 4.8.0 - Cross-Site Scripting

Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter. id: CVE-2021-3002 info: name: Seo Panel 4.8.0 - Cross-Site Scripting author: edoardottt severity: medium description: Seo Panel 4.8.0 contains a reflected cross-site...

Membership Database <= 1.0 - Cross-Site Scripting

Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker t...

Bank Locker Management System - Cross-Site Scripting

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate...

Apache Kafka Client - Arbitrary File Read

Apache Kafka Client contains arbitrary file read and server-side request forgery caused by untrusted configuration of sasl.oauthbearer.token.endpoint.url and sasl.oauthbearer.jwks.endpoint.url, letting attackers read files or send requests to unintended locations, exploit requires untrusted party...

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

DokuWiki - Cross-Site Scripting

DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

EUVD-2026-35578

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVE-2026-47935

Adobe Experience Manager version range affected: 6.5.24, LTS SP1, 2026.04 and earlier. The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability that an attacker can exploit by manipulating the DOM to execute malicious JavaScript in a victim’s browser. Exploitation requires user interacti...

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

Viessmann Vitogate 300 - Remote Code Execution

In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. id: CVE-2023-45852 info: name: Viessmann Vitogate 300 - Remote Code Execution autho...

EUVD-2026-35333

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3....

CHIYU TCP/IP Converter - Cross-Site Scripting

CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi. id: CVE-2021-31250 info: name: CHIYU TCP/IP Converter - Cross-Site Scripting author: geeknik...

Cross-Site Scripting (XSS)

Drupal Ignition Error Pages is vulnerable to Cross-Site Scripting XSS.The vulnerability is due to improper neutralization of user-controlled input during web page generation, which allows an attacker to inject and execute malicious scripts in a user's browser through crafted input...

MAGMI - Cross-Site Request Forgery

MAGMI Magento Mass Importer is vulnerable to cross-site request forgery CSRF due to a lack of CSRF tokens. Remote code execution via phpcli command is also possible in the event that CSRF is leveraged against an existing admin session. id: CVE-2020-5776 info: name: MAGMI - Cross-Site Request...