
71 matches found

RedhatCVE
added 2026/01/09 12:39 p.m. · 4 views

CVE-2023-29847

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the commentauthor and commentcontent parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 · AI score 6.2 · EPSS 0.00198
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/07 9:36 a.m. · 4 views

CVE-2019-7172

A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/core/users/admins/myedit.php...

CVSS 6.1 · AI score 6.1 · EPSS 0.0024
Exploits: 1 · References: 1

RedhatCVE
added 2026/01/07 9:35 a.m. · 7 views

CVE-2019-7344

Reflected XSS exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code in the view 'filter' as it insecurely prints the 'filterName' aka Filter name value on the web page without applying any proper filtration...

CVSS 6.1 · AI score 6.1 · EPSS 0.0024
Exploits: 1 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2017-6247

Malware in sbrugna...

CVSS 5.4 · AI score 5.5 · EPSS 0.00296
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 0 views

EUVD-2019-1757

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00398
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2007-1488

Malware in sbrugna...

CVSS 6.8 · AI score 6.4 · EPSS 0.00867
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-21698

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.6 · EPSS 0.0018
Exploits: 1 · References: 1

OSV
added 2025/07/23 8:38 p.m. · 4 views

CVE-2025-32019 Harbor's repository description page allows for XSS

Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed ...

CVSS 4.1 · AI score 6 · EPSS 0.0016
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 7:45 p.m. · 5 views

CVE-2021-32641

auth0-lock is Auth0's signin solution. Versions of auth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage ...

CVSS 8.1 · AI score 7.5 · EPSS 0.00793
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 10:4 a.m. · 6 views

CVE-2019-0213

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva...

CVSS 6.5 · AI score 6.1 · EPSS 0.00576
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20881 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon web versions 22.10.0 through 22.10.29; Centreon web versions 23.04.0 through 23.04.27; Centreon web versions 23.10.0 through 23.10.22; Centreon web versions 24.04.0 through 24.04.11; Centreon web versions 24.10.0 through 24.10.5...

CVSS 8.4 · AI score 5.9 · EPSS 0.00286
Exploits: 0 · References: 7

Vulnrichment
added 2025/01/14 12:0 a.m. · 4 views

CVE-2024-50861

The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...

AI score 6.2 · EPSS 0.01176
Exploits: 3 · References: 3

Positive Technologies
added 2024/09/13 12:0 a.m. · 2 views

PT-2024-28738 · Unknown · Vaultwarden

Name of the Vulnerable Software and Affected Versions: Vaultwarden (formerly Bitwarden RS) version 1.30.3. Description: A stored cross-site scripting (XSS) or HTML injection issue has been discovered in the admin dashboard. This potentially allows an authenticated attacker to inject malicious code int...

CVSS 5.4 · AI score 5.3 · EPSS 0.0021
Exploits: 1 · References: 9

CVE
added 2024/04/17 8:12 a.m. · 61 views

CVE-2024-32547

CVE-2024-32547 is a Reflected XSS in the Code Insert Manager (Q2W3 Inc Manager) WordPress plugin. Affected: Code Insert Manager versions n/a through 2.5.3. Root cause: improper neutralization during web page generation. Impact per sources: potential for injection via input; CVSSv3.1 v3.1 metrics ...

CVSS 5.8 · AI score 5.2 · EPSS 0.0017
Exploits: 0 · References: 1

NVD
added 2023/10/16 9:15 a.m. · 13 views

CVE-2023-45757

Security vulnerability in Apache bRPC 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ 2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 3. disable rpcz feature...

CVSS 6.1 · AI score 6.2 · EPSS 0.03819
Exploits: 0 · References: 2

NVD
added 2023/09/18 9:15 p.m. · 10 views

CVE-2023-38255

A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device...

CVSS 6.5 · AI score 6.7 · EPSS 0.00104
Exploits: 0 · References: 1

Vulnrichment
added 2023/04/21 12:0 a.m. · 24 views

CVE-2023-26100

In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser...

AI score 6.4 · EPSS 0.00017
Exploits: 0 · References: 2

Vulnrichment
added 2023/03/22 12:0 a.m. · 7 views

CVE-2023-22252 AEM Reflected XSS Arbitrary code execution

Experience Manager versions 6.5.15.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...

CVSS 5.4 · AI score 5.8 · EPSS 0.00822
Exploits: 0 · References: 1

Positive Technologies
added 2023/02/20 12:0 a.m. · 2 views

PT-2023-12192 · Izimodal · Izimodal

Name of the Vulnerable Software and Affected Versions: iziModal versions prior to 1.6.1. Description: The issue arises when handling untrusted modal titles, allowing an attacker to influence the title field and supply arbitrary HTML or JavaScript code. This code will be rendered in the context of ...

CVSS 6.1 · AI score 6 · EPSS 0.0025
Exploits: 1 · References: 8

Prion
added 2023/01/26 9:15 p.m. · 13 views

Design/Logic Flaw

An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information...

CVSS 5.8 · AI score 6 · EPSS 0.00234
Exploits: 1 · References: 1 · Affected Software: 1