2345 matches found

Vulnrichment
added 2026/04/07 9:51 p.m. | 1 views

CVE-2026-39933 Multiple XSS vulnerabilities in GlobalWatchlist

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - GlobalWatchlist Extension allows Cross-Site Scripting (XSS). The issue has been remediated on the master branch, and in the release branches for MediaWiki version...

CVSS 6.9 | AI score 5.8 | EPSS 0.00335
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/19 12:0 a.m. | 2 views

MiracleLinux 3 : drupal-6.4-3AXS3 (AXBA:2008-316:03)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXBA:2008-316:03 advisory. - Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions vi...

CVSS 7.5 | AI score 5.6 | EPSS 0.03164
Exploits: 0 | References: 8

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : drupal-6.4-1AXS3 (AXSA:2008-285:02)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-285:02 advisory. Drupal is a free CMS (Content Management System) software package that allows an individual or a community of users to easily publish, manage and...

CVSS 7.5 | AI score 5.6 | EPSS 0.03164
Exploits: 0 | References: 8

RedhatCVE
added 2026/01/09 12:29 p.m. | 5 views

CVE-2023-40874

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/voteadd.php via the votename and voteitem1 parameters...

CVSS 5.4 | AI score 6.4 | EPSS 0.00387
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:53 a.m. | 5 views

CVE-2009-4651

Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (comwebeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors...

CVSS 4.3 | AI score 6.1 | EPSS 0.01178
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:53 a.m. | 7 views

CVE-2009-4842

Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email...

CVSS 4.3 | AI score 5.8 | EPSS 0.00855
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:52 a.m. | 4 views

CVE-2009-4859

Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp...

CVSS 4.3 | AI score 6 | EPSS 0.00929
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:49 a.m. | 5 views

CVE-2009-4586

Multiple cross-site scripting (XSS) vulnerabilities in index.html in Wowd client before 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby, (2) tags, or (3) ctx parameter in a search action...

CVSS 4.3 | AI score 6 | EPSS 0.01097
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:48 a.m. | 4 views

CVE-2009-4894

Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail...

CVSS 4.3 | AI score 6.2 | EPSS 0.00855
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:26 a.m. | 6 views

CVE-2021-33348

An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases...

CVSS 6.1 | AI score 6.2 | EPSS 0.00641
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 11:14 a.m. | 8 views

CVE-2016-10892

The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues...

CVSS 6.1 | AI score 6.3 | EPSS 0.00927
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:52 a.m. | 7 views

CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 | AI score 6.1 | EPSS 0.01117
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:52 a.m. | 4 views

CVE-2022-42100

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form...

CVSS 5.4 | AI score 6 | EPSS 0.00477
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:52 a.m. | 4 views

CVE-2022-42054

Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields...

CVSS 5.4 | AI score 5.9 | EPSS 0.00451
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:51 a.m. | 3 views

CVE-2022-42099

KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input...

CVSS 5.4 | AI score 6 | EPSS 0.00477
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:39 a.m. | 5 views

CVE-2022-35554

Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side...

CVSS 6.1 | AI score 6.6 | EPSS 0.00596
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:33 a.m. | 6 views

CVE-2017-18542

The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues...

CVSS 6.1 | AI score 6.2 | EPSS 0.01388
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:32 a.m. | 5 views

CVE-2017-18528

The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues...

CVSS 6.1 | AI score 6.2 | EPSS 0.01757
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 10:31 a.m. | 5 views

CVE-2017-18575

The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues...

CVSS 6.1 | AI score 6 | EPSS 0.00915
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 10:23 a.m. | 4 views

CVE-2008-6278

Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) categoryid and (2) subcategoryid parameters...

CVSS 4.3 | AI score 6 | EPSS 0.01453
Exploits: 1 | References: 1