27424 matches found

Positive Technologies
added 2026/03/15 12:0 a.m. | 1 views

PT-2026-25717

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS 6.1 | AI score 6 | EPSS 0.00055
Exploits: 1 | References: 5

EUVD
added 2026/02/25 12:30 p.m. | 4 views

EUVD-2026-8519

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aysblock' shortcode in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...

CVSS 6.4 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 5

CVE
added 2026/02/19 12:2 a.m. | 11 views

CVE-2026-2686

CVE-2026-2686 affects SECCN Dingcheng G10 3.1.0.181203. The vulnerability is in the function qq of the file /cgi-bin/session_login.cgi, where manipulating the User parameter leads to remote OS command injection. Public PoC/exploit details exist; exploitation is possible remotely and has been disc...

CVSS 10 | AI score 5.4 | EPSS 0.00056
Exploits: 0 | References: 5

Positive Technologies
added 2026/02/19 12:0 a.m. | 3 views

PT-2026-20658

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in wpeverest Everest Forms everest-forms allows Code Injection. This issue affects Everest Forms: from n/a through <= 3.4.1...

AI score 5.5 | EPSS 0.00061
Exploits: 0 | References: 1

OSV
added 2026/02/16 6:19 p.m. | 0 views

CVE-2019-25394

Smoothwall Express 3.1-SP4-polar-x8664-update9 contains multiple stored cross-site scripting vulnerabilities in the modem.cgi script that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted payloads in parameters like INIT, HANGUP, SPEAKERON,...

CVSS 6.1 | AI score 5.9 | EPSS 0.00042
Exploits: 1 | References: 3

EUVD
added 2026/02/16 6:31 a.m. | 2 views

EUVD-2026-6131

A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to th...

CVSS 8.8 | AI score 5.4 | EPSS 0.00377
Exploits: 1 | References: 5

RedhatCVE
added 2026/02/12 1:4 a.m. | 7 views

CVE-2025-70297

A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim's browser...

CVSS 6.1 | AI score 5.4 | EPSS 0.00062
Exploits: 1 | References: 1

RedhatCVE
added 2026/02/05 7:23 p.m. | 3 views

CVE-2025-69213

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajaxcomplete.php endpoint when handling the getsedi operation. An authenticated attacker can inject malicious SQL code through the...

CVSS 8.8 | AI score 6 | EPSS 0.00045
Exploits: 3 | References: 1

VulnCheck KEV
added 2026/02/04 12:0 a.m. | 49 views

VulnCheck KEV: CVE-2025-14586

A vulnerability was determined in TOTOLINK X5000R 9.1.0cu.2089B20211224. Affected by this issue is the function snprintf of the file /cgi-bin/cstecgi.cgi?action=exportOvpn&type=user. This manipulation of the argument User causes os command injection. Remote exploitation of the attack is possible...

CVSS 9.8 | AI score 5.6 | EPSS 0.00935
In wild | Exploits: 1 | References: 2

Packet Storm News
added 2026/02/02 12:0 a.m. | 3 views

miniBB 3.1 Cross Site Scripting

A cross site scripting vulnerability exists in miniBB Forum version 3.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

AI score 5.2
Exploits: 0

RedhatCVE
added 2026/01/09 12:51 p.m. | 4 views

CVE-2014-4945

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view...

CVSS 4.3 | AI score 5.9 | EPSS 0.00516
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:49 p.m. | 4 views

CVE-2014-4856

Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ratings shortcode and a unique ID. NOTE: some of these details are obtained from third party informati...

CVSS 4.3 | AI score 5.9 | EPSS 0.00174
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:49 p.m. | 4 views

CVE-2014-4308

Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame parameter to (2)...

CVSS 4.3 | AI score 6 | EPSS 0.00225
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:49 p.m. | 3 views

CVE-2014-4335

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/...

CVSS 4.3 | AI score 6.1 | EPSS 0.00225
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:47 p.m. | 5 views

CVE-2005-1713

Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins...

CVSS 4.3 | AI score 6 | EPSS 0.00346
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:46 p.m. | 6 views

CVE-2005-1715

Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section...

CVSS 4.3 | AI score 6 | EPSS 0.00674
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:46 p.m. | 1 views

CVE-2005-1085

Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML...

CVSS 4.3 | AI score 6.1 | EPSS 0.00297
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:40 p.m. | 7 views

CVE-2023-43830

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVSS 5.4 | AI score 6 | EPSS 0.0027
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 12:39 p.m. | 6 views

CVE-2023-29636

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the default configuration not using MyBlogUtils.cleanString...

CVSS 5.4 | AI score 5.7 | EPSS 0.00548
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 12:38 p.m. | 3 views

CVE-2023-50566

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security Registration Number parameter...

CVSS 5.4 | AI score 5.6 | EPSS 0.00183
Exploits: 1 | References: 1