CWE-79: Cross-site Scripting (XSS)

An open redirect vulnerability in Plane project management software allows attackers to inject malicious JavaScript via the ?next_path query parameter...

Authenticated users in RISE Ultimate Project Manager & CRM can inject malicious HTML into invoices and messages. This content renders in emails, PDFs,...

This reflected XSS vulnerability in tawk.to chatbox widget v4 allows attackers to inject malicious JavaScript that executes in users' browsers when th...

This stored cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute OpenAtlas allows attackers to inject malicious scripts into ...

DuraComm SPM-500 DP-10iN-100-MU devices are vulnerable to cross-site scripting (XSS) attacks that could allow attackers to inject malicious scripts in...

This vulnerability allows attackers to inject malicious scripts into the 'Attachments by filename keyword' report feature in ManageEngine Exchange Rep...

Discourse versions before 3.5.0.beta6 are vulnerable to cross-site scripting (XSS) when social logins are used without Content Security Policy (CSP) e...

Real Estate Management 1.0 contains a stored cross-site scripting (XSS) vulnerability in the /store/index.php endpoint. This allows attackers to injec...

This vulnerability in Dot desktop application allows cross-site scripting (XSS) attacks that can lead to remote code execution. Attackers can inject m...

Pega Platform versions 8.4.3 through Infinity 24.2.1 contain a cross-site scripting (XSS) vulnerability in the Mashup component. This allows attackers...

This Cross-Site Scripting (XSS) vulnerability in CtrlPanel allows attackers to inject malicious scripts into the moderator panel by manipulating the p...

Wegia versions below 3.2.0 contain a cross-site scripting vulnerability in the employee documents page that allows attackers to inject malicious scrip...

This vulnerability in grist-core allows cross-site scripting (XSS) attacks via malicious SVG attachments. When a user previews an attachment containin...

This vulnerability allows attackers to inject malicious scripts into Optimizely Configured Commerce search history, which then execute in users' brows...

MobSF versions before 4.2.9 have a stored XSS vulnerability in the 'Diff or Compare' functionality. Attackers can upload malicious script files that e...

A reflected XSS vulnerability in @dapperduckling/keycloak-connector-server allows attackers to execute arbitrary JavaScript in victims' browsers by tr...

This stored XSS vulnerability in EdgeConnect SD-WAN Orchestrator's web management interface allows authenticated attackers to inject malicious scripts...

This vulnerability allows cross-site scripting (XSS) attacks in React applications using Plate media editor. Attackers can inject malicious JavaScript...

CVE-2024-38354 is a cross-site scripting (XSS) vulnerability in CodiMD/HackMD's notebook feature that allows attackers to inject malicious scripts via...

This vulnerability allows an admin user in Splunk Enterprise and Splunk Cloud Platform to store and execute arbitrary JavaScript code in other users' ...

Stored Cross-Site Scripting (XSS) vulnerabilities in OpenText ArcSight Logger allow attackers to inject malicious scripts that persist in the applicat...

SAP Business Objects Business Intelligence Platform contains a stored cross-site scripting (XSS) vulnerability in the Opendocument URL parameter. Atta...

The MM-email2image WordPress plugin through version 0.2.5 contains a stored cross-site scripting (XSS) vulnerability due to improper input validation ...

CVE-2024-28233 is a cross-site scripting (XSS) vulnerability in JupyterHub that allows attackers to achieve full access to the JupyterHub API and user...

This CVE describes a cross-site scripting (XSS) vulnerability in Honeywell MPA2 Access Panel web server modules. Attackers can inject malicious script...

This stored cross-site scripting (XSS) vulnerability in PAC Device web interfaces allows administrators to inject malicious scripts into form fields. ...

This stored XSS vulnerability in EdgeConnect SD-WAN Orchestrator allows authenticated attackers to inject malicious scripts into the web interface. Wh...

This cross-site scripting (XSS) vulnerability in Intel DSA software allows unauthenticated attackers to inject malicious scripts via network access. I...

This cross-site scripting (XSS) vulnerability in Intel Manageability Commander software allows unauthenticated attackers to inject malicious scripts v...

A persistent cross-site scripting (XSS) vulnerability in Unica Campaign allows attackers to inject malicious scripts into a specific field. When users...

This CVE describes a persistent cross-site scripting (XSS) vulnerability in a specific field of the Unica Platform. An attacker can inject malicious s...

CVE-2023-34089 is a cross-site scripting (XSS) vulnerability in Decidim's processes filter feature that allows remote attackers to execute JavaScript ...

CVE-2023-32693 is a cross-site scripting (XSS) vulnerability in Decidim's external link feature that allows remote attackers to execute JavaScript in ...

CVE-2023-32686 is a cross-site scripting (XSS) vulnerability in Kiwi TCMS that allows attackers to bypass file upload validation and upload malicious ...

CVE-2023-23467 is a reflected cross-site scripting (XSS) vulnerability in Media CP Media Control Panel that allows attackers to inject malicious scrip...

This vulnerability allows remote attackers to execute arbitrary shell commands with root privileges on affected Baicells cellular base stations via HT...

This cross-site scripting (XSS) vulnerability in Johnson Controls Metasys building automation systems allows attackers to inject malicious scripts int...

This vulnerability allows remote attackers to upload malicious files disguised as images to the admin interface, which can then trigger cross-site scr...

This stored XSS vulnerability in Adobe Experience Manager allows attackers to inject malicious JavaScript into vulnerable form fields. When users visi...

This vulnerability allows authenticated attackers with object modification privileges to inject malicious HTML/JavaScript into the TopEase® Platform'...

CVE-2021-21422 is a cross-site scripting (XSS) vulnerability in mongo-express web interface that allows attackers to execute arbitrary JavaScript in a...

CVE-2021-32641 is a reflected cross-site scripting (XSS) vulnerability in Auth0's Lock authentication widget. Attackers can inject malicious scripts v...

This is a cross-site scripting (XSS) vulnerability in 1CDN file sharing software that allows attackers to inject malicious JavaScript code. When explo...

This stored cross-site scripting (XSS) vulnerability in Magento allows attackers to inject malicious JavaScript into customer address uploads. When ex...

This vulnerability allows cross-site scripting (XSS) attacks in MarkUs assignment submission system. Attackers can inject malicious scripts into stude...

This vulnerability allows unauthenticated attackers to inject arbitrary scripts into GitLab's Mermaid diagram sandbox UI, potentially leading to cross...

This stored cross-site scripting (XSS) vulnerability in Jenkins allows attackers with Agent/Configure or Agent/Disconnect permissions to inject malici...

A stored XSS vulnerability in FacturaScripts allows attackers to inject malicious JavaScript into the Observations field, which executes when administ...

A stored XSS vulnerability in Altium Workflow Engine allows authenticated users to inject malicious JavaScript into workflow data. When administrators...

HAX CMS versions 11.0.6 through 24.x are vulnerable to stored cross-site scripting (XSS), allowing attackers to inject malicious scripts that persist ...