5207 matches found
CVE-2002-2343
Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 allows remote attackers to inject arbitrary web script or HTML via email messages...
CVE-2009-2959
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-7223
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/leftmenu.class.php, or (5) plugins/stats/statsview.php...
CVE-2002-2189
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link...
CVE-2025-4217
The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ibyoutube' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 trust management issue vulnerability
The eCharge Hardy Barth cPH2 and eCharge Hardy Barth cPP2 are both electric vehicle charging stations from eCharge. A trust management vulnerability exists in both products, which stems from the use of hard-coded credentials in the web interface...
CVE-2024-51106
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter...
CVE-2025-4194
The AlT Monitoring plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the 'ALTMonitoringedit' page. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2025-29691
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the userName parameter at /login/LoginsController.java...
CVE-2025-29688
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /daymanager/daymanageabilitycontroller.java...
CVE-2025-4579
The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-29690
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java...
CVE-2025-29689
A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the password parameter at /mail/MailController.java...
CVE-2025-29688
CVE-2025-29688 affects OA System prior to version 2025.01.01. It is a cross-site scripting (XSS) vulnerability where a crafted payload injected into the title parameter of the /daymanager/daymanageabilitycontroller.java endpoint allows execution of arbitrary web scripts or HTML. Root cause: insuf...
CVE-2025-29690
OA System is affected by CVE-2025-29690: an XSS vulnerability in versions prior to 2025.01.01 reachable via the outtype parameter in /address/AddrController.java. Root cause: improper handling/escaping of input leads to execution of arbitrary scripts/HTML. Impact per sources is low/medium in CVSS...