CWE-79: Cross-site Scripting (XSS)

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.

Total CVEs: 8,809
Critical: 261
High: 2,331
Avg CVSS: 6.4
In CISA KEV: 1

Yearly Trend

2026: 941
2025: 4,799
2024: 2,396
2023: 455
2022: 70

Top Affected Vendors

1. Adobe (349)
2. IBM (78)
3. Liferay (65)
4. Microsoft (59)
5. Nagios (45)
6. PHPGurukul (44)
7. WeGIA (39)
8. GitLab (38)
9. Cisco (38)
10. Esri (34)

All Cross-site Scripting (XSS) CVEs (8,809)

CVE-2026-1010
8.0

A stored XSS vulnerability in Altium Workflow Engine allows authenticated users to inject malicious JavaScript into workflow data. When administrators...

Jan 15, 2026
CVE-2026-22704
8.0

HAX CMS versions 11.0.6 through 24.x are vulnerable to stored cross-site scripting (XSS), allowing attackers to inject malicious scripts that persist ...

Jan 10, 2026
CVE-2025-13761
8.0

This is a cross-site scripting (XSS) vulnerability in GitLab that allows an unauthenticated attacker to execute arbitrary JavaScript code in the conte...

Jan 9, 2026
CVE-2025-12029
8.0

This vulnerability allows unauthenticated attackers to inject malicious scripts into GitLab's Swagger UI interface, potentially enabling them to perfo...

Dec 11, 2025
CVE-2025-67495
8.0

ZITADEL versions 4.0.0-rc.1 through 4.7.0 have a DOM-based XSS vulnerability in the logout endpoint. Unauthenticated attackers can execute malicious J...

Dec 9, 2025
CVE-2025-62618
8.0

This vulnerability in ELOG allows authenticated users to upload HTML files that execute in other users' contexts, potentially stealing credentials. It...

Oct 31, 2025
CVE-2025-64112
8.0

CVE-2025-64112 is a stored cross-site scripting (XSS) vulnerability in Statamic CMS that allows authenticated users with content creation permissions...

Oct 30, 2025
CVE-2025-55742
8.0

UnoPim versions before 0.2.1 contain a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts via SVG files at th...

Aug 21, 2025
CVE-2025-5806
8.0

The Jenkins Gatling Plugin 136.vb_9009b_3d33a_e has a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into ...

Jun 6, 2025
CVE-2024-13919
8.0

Laravel applications running vulnerable versions are susceptible to reflected cross-site scripting (XSS) attacks when debug mode is enabled. Attackers...

Mar 10, 2025
CVE-2024-13918
8.0

Laravel framework versions 11.9.0 through 11.35.1 contain a reflected cross-site scripting vulnerability in debug-mode error pages. Attackers can inje...

Mar 10, 2025
CVE-2025-24320
8.0

A stored XSS vulnerability in BIG-IP Configuration utility allows attackers to execute JavaScript in the context of logged-in users. This affects BIG-...

Feb 5, 2025
CVE-2024-54003
8.0

Jenkins Simple Queue Plugin 1.4.4 and earlier contains a stored cross-site scripting (XSS) vulnerability where attackers with View/Create permission c...

Nov 27, 2024
CVE-2024-52951
8.0

This stored cross-site scripting (XSS) vulnerability in Omada Identity allows authenticated attackers to inject malicious scripts into the Access Requ...

Nov 27, 2024
CVE-2024-52552
8.0

The Jenkins Authorize Project Plugin 1.7.2 and earlier contains a stored cross-site scripting (XSS) vulnerability where attackers with Item/Configure ...

Nov 13, 2024
CVE-2024-4835
8.0

This is a cross-site scripting (XSS) vulnerability in GitLab that allows attackers to create malicious web pages that can steal sensitive user informa...

May 23, 2024
CVE-2024-31156
8.0

This stored XSS vulnerability in the BIG-IP Configuration utility allows attackers to inject malicious JavaScript that executes when legitimate users ...

May 8, 2024
CVE-2024-29184
8.0

A stored cross-site scripting (XSS) vulnerability in FreeScout's signature input field allows support agents to inject malicious JavaScript that execu...

Mar 22, 2024
CVE-2024-28404
8.0

This stored cross-site scripting (XSS) vulnerability in TOTOLINK X2000R routers allows attackers to inject malicious scripts into the MAC Filtering co...

Mar 15, 2024
CVE-2024-28157
8.0

The Jenkins GitBucket Plugin 0.8 and earlier contains a stored cross-site scripting (XSS) vulnerability where GitBucket URLs displayed on build views ...

Mar 6, 2024
CVE-2023-43658
8.0

This vulnerability in the discourse-calendar plugin allows attackers to inject malicious scripts into event titles, leading to cross-site scripting (X...

Oct 16, 2023
CVE-2023-26218
8.0

This CVE describes a reflected cross-site scripting (XSS) vulnerability in TIBCO Nimbus Web Client that allows attackers to trick authenticated users ...

Sep 29, 2023
CVE-2023-0625
8.0

This vulnerability in Docker Desktop allows remote code execution (RCE) when a malicious extension description or changelog is processed. Attackers ca...

Sep 25, 2023
CVE-2023-29183
8.0

This cross-site scripting (XSS) vulnerability in Fortinet's FortiProxy and FortiOS web management interfaces allows authenticated attackers to inject ...

Sep 13, 2023
CVE-2023-36891
8.0

This vulnerability allows an attacker to inject malicious scripts into Microsoft SharePoint Server, which could execute when viewed by other users. It...

Aug 8, 2023
CVE-2023-30860
8.0

This is a stored cross-site scripting (XSS) vulnerability in WWBN AVideo's meeting scheduling feature. Attackers can inject malicious scripts into mee...

May 8, 2023
CVE-2023-27474
8.0

Directus instances using allow-listed password reset URLs are vulnerable to HTML injection attacks via query parameters. Attackers can craft malicious...

Mar 6, 2023
CVE-2022-22769
8.0

This CVE describes a stored cross-site scripting (XSS) vulnerability in TIBCO EBX web server components. It allows low-privileged attackers with netwo...

Jan 19, 2022
CVE-2021-43764
8.0

This stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows attackers to inject malicious JavaScript into vulnerable form ...

Jan 13, 2022
CVE-2021-43761
8.0

This stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager (AEM) allows attackers to inject malicious scripts into form fields, ...

Jan 13, 2022
CVE-2022-0121
8.0

This CVE describes a cross-site scripting (XSS) vulnerability in hoppscotch, an API development tool. Attackers can inject malicious scripts into web ...

Jan 6, 2022
CVE-2021-35499
8.0

This stored XSS vulnerability in TIBCO Nimbus Web Reporting allows low-privileged attackers to inject malicious scripts that execute when legitimate u...

Oct 26, 2021
CVE-2021-31355
8.0

This persistent cross-site scripting (XSS) vulnerability in Juniper Junos OS captive portal GUI allows authenticated remote attackers to inject malici...

Oct 19, 2021
CVE-2021-22528
8.0

This vulnerability allows attackers to execute malicious JavaScript in users' browsers through NetIQ Access Manager web interfaces. It affects organiz...

Sep 13, 2021
CVE-2021-35222
8.0

CVE-2021-35222 is a reflected cross-site scripting (XSS) vulnerability in SolarWinds Orion Platform that allows attackers to impersonate authenticated...

Aug 31, 2021
CVE-2021-37710
8.0

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Shopware eCommerce platform that allows attackers to inject malicious scripts via SVG...

Aug 16, 2021
CVE-2021-32702
8.0

The Auth0 Next.js SDK versions 1.4.1 and lower contain a reflected cross-site scripting (XSS) vulnerability. Attackers can inject malicious JavaScript...

Jun 25, 2021
CVE-2021-23273
8.0

This vulnerability allows low-privileged attackers with network access to execute stored cross-site scripting (XSS) attacks in TIBCO Spotfire products...

Mar 9, 2021
CVE-2021-23271
8.0

This vulnerability allows low-privileged attackers with network access to execute stored cross-site scripting (XSS) attacks against TIBCO EBX Web Serv...

Feb 2, 2021
CVE-2025-40890
7.9

A stored XSS vulnerability in Dashboards functionality allows authenticated low-privilege users to inject malicious JavaScript into dashboards. When v...

Nov 25, 2025
CVE-2024-12755
7.9

A Cross-Site Scripting (XSS) vulnerability in Avaya Spaces allows attackers to inject malicious scripts into web pages viewed by other users. This cou...

Feb 11, 2025
CVE-2023-49145
7.9

This DOM-based cross-site scripting vulnerability in Apache NiFi's JoltTransformJSON Processor allows authenticated users with configuration privilege...

Nov 27, 2023
CVE-2023-41471
7.8

This CVE describes a cross-site scripting (XSS) vulnerability in copyparty versions before 1.9.2 that allows a local attacker with write access to exe...

Aug 29, 2025
CVE-2025-24028
7.8

This is a cross-site scripting (XSS) vulnerability in Joplin's Rich Text Editor caused by differences between Joplin's HTML sanitizer and browser comm...

Feb 7, 2025
CVE-2025-25187
7.8

This vulnerability in Joplin allows attackers to execute arbitrary code on a user's system by injecting malicious JavaScript into note titles. Users w...

Feb 7, 2025
CVE-2025-13523
7.7

This cross-site scripting (XSS) vulnerability in Mattermost's Confluence plugin allows authenticated Confluence users with malicious display names to ...

Feb 6, 2026
CVE-2025-11224
7.7

This vulnerability allows authenticated users to execute stored cross-site scripting (XSS) attacks through improper input validation in GitLab's Kuber...

Jan 14, 2026
CVE-2025-8459
7.7

This stored XSS vulnerability in Centreon Infra Monitoring allows attackers to inject malicious scripts into web pages through the recurrent downtime ...

Oct 14, 2025
CVE-2025-0555
7.7

This Cross-Site Scripting (XSS) vulnerability in GitLab Enterprise Edition allows attackers to bypass security controls and execute malicious scripts ...

Mar 3, 2025
CVE-2024-52595
7.7

This vulnerability in lxml_html_clean allows attackers to bypass HTML sanitization by exploiting differences in how browsers versus the library parse ...

Nov 19, 2024

About Cross-site Scripting (XSS) (CWE-79)

Our database tracks 8,809 CVEs classified as CWE-79, with 261 rated critical and 2,331 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
