CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,805)
This stored XSS vulnerability in SUSE Rancher allows authenticated users with write permissions to inject malicious scripts that execute in administra...
Jun 1, 2023

This CVE describes a cross-site scripting (XSS) vulnerability in phpMyFAQ software versions prior to 3.1.11. Attackers can inject malicious scripts in...
Feb 12, 2023

This is a cross-site scripting (XSS) vulnerability in McAfee Data Loss Prevention ePO extension that allows remote attackers to hijack active administ...
Nov 1, 2021

This vulnerability allows authenticated admin users in Sulu CMS to inject malicious scripts into collection titles, leading to cross-site scripting (X...
Jul 2, 2021

A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows teachers to inject malicious JavaScript into the glossary function, which exec...
Mar 2, 2026

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Saastech Cleaning and Internet Services Inc.'s TemizlikYolda software. Attackers can ...
Feb 11, 2026

This cross-site scripting (XSS) vulnerability in Azure Cosmos DB allows attackers to inject malicious scripts into web pages generated by the database...
Dec 19, 2025

This vulnerability allows attackers to spoof content in the Microsoft Defender portal through cross-site scripting (XSS). It affects organizations usi...
Nov 20, 2025

An authenticated stored XSS vulnerability in Bagisto 2.3.6 allows admin users to upload malicious SVG files containing JavaScript code. When viewed, t...
Oct 10, 2025

A Cross-Site Scripting (XSS) vulnerability in Nagios Log Server v.2024R1.3.1 allows remote attackers to inject malicious scripts via the Email field. ...
Apr 15, 2025

This stored cross-site scripting (XSS) vulnerability in Moodle's site administration live log allows attackers to inject malicious scripts that execut...
Feb 24, 2025

This reflected cross-site scripting (XSS) vulnerability in Moodle's question bank filter allows attackers to inject malicious scripts into web pages v...
Feb 24, 2025

A stored XSS vulnerability in WeGIA's CobrancaController.php endpoint allows attackers to inject malicious scripts via the local_recepcao parameter. T...
Jan 10, 2025

A stored XSS vulnerability in WeGIA's cadastrarSocio.php endpoint allows attackers to inject malicious scripts into the local_recepcao parameter. Thes...
Jan 10, 2025

This Cross-Site Scripting (XSS) vulnerability in WeGIA's file upload functionality allows attackers to upload malicious files containing JavaScript co...
Jan 7, 2025

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress forms created with the Formidable Form Builder plugin. ...
Oct 16, 2024

CVE-2024-47061 is a security vulnerability in Plate JavaScript toolkit that allows malicious actors to inject custom DOM attributes, potentially leadi...
Sep 20, 2024

This vulnerability in the wp-eMember WordPress plugin allows attackers to inject malicious scripts via the 'fieldId' parameter, which are then execute...
Jun 4, 2024

This is a cross-site scripting (XSS) vulnerability in TIBCO JasperReports Server that allows attackers to inject malicious scripts into the applicatio...
Apr 17, 2024

This vulnerability allows unauthenticated attackers to inject malicious scripts into web pages generated by LiteSpeed Cache, leading to stored cross-s...
Apr 16, 2024

This Cross-Site Scripting (XSS) vulnerability affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F devices running firmware version 1.66. An attacker c...
Mar 27, 2024

This Cross-Site Scripting (XSS) vulnerability affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F BMC/IPMI firmware version 1.66. Attackers can inject...
Mar 27, 2024

This Cross-Site Scripting (XSS) vulnerability affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F BMC/IPMI firmware version 1.66. An attacker could in...
Mar 27, 2024

This Cross-Site Scripting (XSS) vulnerability affects Supermicro X11SSM-F, X11SAE-F, and X11SSE-F BMC/IPMI firmware version 1.66. An attacker could in...
Mar 27, 2024

This stored cross-site scripting (XSS) vulnerability in SonicOS SSLVPN portal allows authenticated admin users to inject and execute arbitrary JavaScr...
Mar 14, 2024

This vulnerability in dpaste allows attackers to execute arbitrary JavaScript in users' browsers via a reflected XSS attack through the expires parame...
Dec 1, 2023

This vulnerability in SINEMA Server V14 allows attackers to execute stored cross-site scripting attacks through improperly sanitized SNMP configuratio...
Oct 10, 2023

This stored XSS vulnerability in WS_FTP Server allows attackers with administrative privileges to inject malicious JavaScript via SSL certificate impo...
Sep 27, 2023

This reflected cross-site scripting (XSS) vulnerability in WS_FTP Server's Ad Hoc Transfer module allows attackers to execute malicious JavaScript in ...
Sep 27, 2023

HCL Verse contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. When victims vi...
Aug 1, 2023

A cross-site scripting (XSS) vulnerability in HPE Integrated Lights-Out (iLO) management interfaces allows attackers to inject malicious scripts that ...
Mar 22, 2023

This vulnerability is a reflected cross-site scripting (XSS) attack in the iControl REST interface of F5 BIG-IP devices. Attackers can craft malicious...
Feb 12, 2021

A Cross-Site Scripting (XSS) vulnerability in Key Systems Inc Global Facilities Management Software allows remote attackers to inject malicious script...
Feb 20, 2026

A DOM-based cross-site scripting (XSS) vulnerability in JetBrains PyCharm's Jupyter viewer page allows attackers to execute arbitrary JavaScript in th...
Feb 9, 2026

An unauthenticated cross-site scripting (XSS) vulnerability in Mitel's Multimedia Email component allows attackers to execute arbitrary scripts in vic...
Jan 15, 2026

This CVE describes a cross-site scripting (XSS) vulnerability in Hitachi's Infrastructure Analytics Advisor and Ops Center Analyzer products. Attacker...
Dec 24, 2025

This cross-site scripting (XSS) vulnerability in Microsoft Office Out-of-Box Experience allows attackers to inject malicious scripts into web pages. W...
Dec 18, 2025

This Cross-Site Scripting (XSS) vulnerability in Masa CMS allows attackers to inject malicious scripts via the ajax URL query parameter. When exploite...
Dec 12, 2025

This DOM-based cross-site scripting vulnerability in the WP Ultimate Review WordPress plugin allows attackers to inject malicious scripts that execute...
Dec 9, 2025

This CVE describes a cross-site scripting (XSS) vulnerability in Kibana where improper input sanitization during web page generation allows attackers ...
Oct 10, 2025

This Cross-Site Scripting (XSS) vulnerability in Flowise allows attackers to inject malicious scripts via FORM and INPUT elements in chat logs. When a...
Oct 6, 2025

The Mesh Connect JS SDK prior to version 3.3.2 contains a cross-site scripting (XSS) vulnerability in the createLink.openLink function due to insuffic...
Sep 22, 2025

CVE-2025-52187 is a stored cross-site scripting (XSS) vulnerability in GetProjectsIdea Create School Management System 1.0 that allows attackers to in...
Jul 30, 2025

Emlog website building system contains a cross-site scripting (XSS) vulnerability in the keyword parameter that allows attackers to inject malicious J...
Jul 16, 2025

This cross-site scripting (XSS) vulnerability in Nuance Digital Engagement Platform allows attackers to inject malicious scripts into web pages viewed...
Jun 10, 2025

This DOM-based XSS vulnerability in VMware Aria Automation allows attackers to steal authenticated users' access tokens by tricking them into clicking...
May 13, 2025

This vulnerability in Netoloji Software E-Flow allows attackers to upload dangerous files and execute stored cross-site scripting attacks. It affects ...
May 6, 2025

An unauthenticated cross-site scripting (XSS) vulnerability in MagnusBilling's login logging component allows attackers to inject malicious HTML/JavaS...
Mar 21, 2025

CVE-2025-27500 is an authentication bypass vulnerability in OpenZiti's admin panel that allows unauthenticated attackers to upload malicious files to ...
Mar 3, 2025

A reflected cross-site scripting (XSS) vulnerability in oxyno-zeta/s3-proxy allows attackers to craft malicious URLs that inject scripts into the web ...
Feb 20, 2025

About Cross-site Scripting (XSS) (CWE-79)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
Our database tracks 8,805 CVEs classified as CWE-79, with 259 rated critical and 2,329 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →