CWE-79: Cross-site Scripting (XSS)

CVE-2024-47604 is a cross-site scripting (XSS) vulnerability in NuGet Gallery that allows attackers to inject malicious HTML or JavaScript through HTM...

This vulnerability allows attackers to inject and execute malicious JavaScript code in Symfony applications using auditor-bundle. The issue affects al...

This high-severity vulnerability in Confluence Data Center and Server allows unauthenticated attackers to execute reflected XSS attacks and CSRF attac...

Joplin note-taking application has a cross-site scripting (XSS) vulnerability where pasting untrusted HTML into the rich text editor can execute arbit...

The FS Product Inquiry WordPress plugin through version 1.1.1 contains a reflected cross-site scripting (XSS) vulnerability. Attackers can inject mali...

A vulnerability in Firefox allows a file dialog displayed during full-screen mode to leave the window disabled, potentially enabling clickjacking atta...

SourceCodester Product Show Room 1.0 contains a stored cross-site scripting (XSS) vulnerability in the 'First Name' field when adding users. This allo...

This Cross-Site Scripting (XSS) vulnerability in Cobham SAILOR VSAT Ku satellite communication systems allows remote attackers to inject malicious scr...

This CVE describes a cross-site scripting (XSS) vulnerability in Schneider Electric products where attackers can inject and execute malicious JavaScri...

This vulnerability allows attackers to inject malicious scripts into Microsoft Dynamics 365 (on-premises) web pages, which are then executed in victim...

CVE-2024-23893 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows attackers to inject mali...

CVE-2024-23896 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory software version 1.0. An attacker can inject mal...

This is a Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows remote attackers to inject malicious scri...

CVE-2024-23885 is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows remote attackers to inje...

CVE-2024-23887 is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows remote attackers to inje...

CVE-2024-23889 is a stored cross-site scripting (XSS) vulnerability in Cups Easy version 1.0 that allows remote attackers to inject malicious scripts ...

CVE-2024-23881 is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy version 1.0 that allows remote attackers to inject malicious scripts ...

CVE-2024-23883 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows attackers to inject mali...

CVE-2024-23875 is a stored cross-site scripting (XSS) vulnerability in Cups Easy version 1.0 that allows attackers to inject malicious scripts via the...

CVE-2024-23877 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows remote attackers to inje...

CVE-2024-23879 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows attackers to inject mali...

This is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory software version 1.0. It allows remote attackers to inject...

CVE-2024-23871 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows attackers to inject mali...

CVE-2024-23873 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows attackers to inject mali...

CVE-2024-23865 is a stored cross-site scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0. Attackers can inject malicious scri...

CVE-2024-23867 is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows remote attackers to inje...

CVE-2024-23863 is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory version 1.0 that allows attackers to inject mali...

This is a Cross-Site Scripting (XSS) vulnerability in Cups Easy Purchase & Inventory software version 1.0 that allows attackers to inject malicious sc...

CVE-2024-23861 is a stored Cross-Site Scripting (XSS) vulnerability in Cups Easy version 1.0 that allows remote attackers to inject malicious scripts ...

CVE-2024-23857 is a Cross-Site Scripting (XSS) vulnerability in Cups Easy (Purchase & Inventory) version 1.0 that allows remote attackers to inject ma...

This vulnerability allows attackers to upload malicious files through the System Manager User Import Function, which can lead to session hijacking. It...

This CVE describes a stored cross-site scripting (XSS) vulnerability in SAP UI5 Variant Management where user-controlled inputs are not properly encod...

This cross-site scripting (XSS) vulnerability in Zulip Server allows attackers to inject malicious JavaScript into topic tooltips. When a victim hover...

CVE-2023-0835 is a path traversal vulnerability in markdown-pdf version 11.0.0 that allows attackers to read arbitrary local files by injecting malici...

This is a cross-site scripting (XSS) vulnerability in quickentity-editor-next, a local video game asset editor. It allows attackers to execute arbitra...

Western Digital My Cloud devices contain a cross-site scripting (XSS) vulnerability that allows authenticated attackers with elevated privileges to in...

This CVE describes a cross-site scripting (XSS) vulnerability in PrivateBin where malicious SVG attachments containing JavaScript can execute arbitrar...

Wiki.js versions 2.5.263 and earlier are vulnerable to stored cross-site scripting (XSS) through malicious non-image file uploads. An authenticated at...

This vulnerability in Owncast allows cross-site scripting (XSS) attacks when users paste content containing inline JavaScript. Attackers can execute a...

CVE-2021-27910 is a stored cross-site scripting (XSS) vulnerability in Mautic's bounce management callback function. Attackers can inject malicious Ja...

This is a reflected Cross-site Scripting (XSS) vulnerability in Rucio's WebUI that allows attackers to steal login session tokens. Attackers can craft...

This stored cross-site scripting (XSS) vulnerability in Statmatic CMS allows authenticated users with field management permissions to inject malicious...

This vulnerability in Vega visualization library allows arbitrary JavaScript execution via DOM-based XSS when applications meet two conditions: they a...

A stored XSS vulnerability in Open Source Point of Sale allows attackers with administrative access to inject malicious JavaScript into the Return Pol...

This vulnerability allows attackers to upload malicious attachments that are served with HTML content types, enabling cross-site scripting (XSS) attac...

The Cool Tag Cloud WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with contributor-level access or higher to inje...

This vulnerability in Chrome's WebRTC implementation allows attackers to perform arbitrary read/write operations via a crafted HTML page. It affects u...

This vulnerability allows arbitrary JavaScript code execution in Vega visualization applications when two specific conditions are met: the application...

CVE-2025-63307 is a Cross-Site Scripting (XSS) vulnerability in alexusmai/laravel-file-manager version 3.3.1 that allows attackers to upload malicious...

An open redirect vulnerability in Plane project management software allows attackers to inject malicious JavaScript via the ?next_path query parameter...