CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,812)
This vulnerability in lxml_html_clean allows attackers to bypass HTML sanitization by exploiting differences in how browsers versus the library parse ... (Nov 19, 2024)
This Cross-Site Scripting (XSS) vulnerability in Decidim's meeting embeds feature allows attackers to inject malicious scripts through specially craft... (Nov 13, 2024)
A reflected Cross-site Scripting (XSS) vulnerability in 3DSwymer component of 3DEXPERIENCE platform allows attackers to inject malicious scripts that ... (Aug 20, 2024)
This cross-site scripting vulnerability in GitLab allows attackers to inject malicious scripts that execute in the context of authenticated users. All... (Jul 25, 2024)
Piccolo Admin versions before 1.3.2 allow SVG file uploads by default, which can contain malicious scripts. When an attacker uploads a crafted SVG fil... (Apr 2, 2024)
An unauthenticated stored cross-site scripting (XSS) vulnerability in BigFix Server version 9.5.12.68 allows attackers to inject malicious scripts int... (Dec 21, 2023)
CVE-2023-37519 is an unauthenticated stored cross-site scripting (XSS) vulnerability in the Download Status Report feature of BigFix Server. Attackers... (Dec 21, 2023)
ZoneMinder versions before 1.36.33 are vulnerable to stored cross-site scripting (XSS) through malicious referrer field injection in database logs. Wh... (Feb 25, 2023)
Dell PowerScale OneFS versions 8.2.x through 9.4.x contain stored cross-site scripting (XSS) vulnerabilities. Remote authenticated users with high pri... (Feb 10, 2023)
This is a stored cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition's Jira integration. It allows attackers to inject malicious Jav... (Jun 6, 2022)
This CVE describes a reflected cross-site scripting (XSS) vulnerability in TIBCO JasperReports Server's REST API. A low-privileged attacker with netwo... (May 17, 2022)
This vulnerability allows remote attackers with write access to PI ProcessBook files to inject malicious code that executes when imported into OSIsoft... (Apr 18, 2022)
This is a post-authentication reflected cross-site scripting (XSS) vulnerability in QNAP's Q'center management software. It allows authenticated attac... (Jun 3, 2021)
CVE-2021-32818 is a template injection vulnerability in haml-coffee JavaScript templating engine that allows remote code execution and cross-site scri... (May 14, 2021)
CVE-2020-26249 is a remote code execution vulnerability in Red Discord Bot Dashboard that allows attackers to inject malicious code through specially ... (Dec 9, 2020)
This vulnerability allows attackers to inject malicious scripts via model outputs containing <script> tags in New API's MarkdownRenderer.jsx component... (Feb 24, 2026)
Fabric.js versions before 7.2.0 have an SVG export vulnerability where user-controlled JSON data isn't properly escaped when converted to SVG. This al... (Feb 19, 2026)
This vulnerability allows authenticated attackers to inject malicious JavaScript into document titles in Polarion applications. When other users view ... (Feb 10, 2026)
This CVE describes a cross-site scripting (XSS) vulnerability in Ofisimo's Association Web Package Flora software that allows attackers to inject mali... (Feb 3, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in Kod8 Individual and SME Website software that allows attackers to inject malicious scr... (Feb 3, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in Seres Software syWEB that allows attackers to inject malicious scripts into web pages.... (Feb 3, 2026)
This CVE describes a reflected cross-site scripting (XSS) vulnerability in AKCE Software's SKSPro product. Attackers can inject malicious scripts into... (Feb 3, 2026)
This vulnerability allows attackers to inject malicious scripts into DNN module friendly names, which then execute during certain Persona Bar operatio... (Jan 28, 2026)
This vulnerability allows attackers to inject malicious scripts into DNN module descriptions, which then execute in the Persona Bar administration int... (Jan 28, 2026)
This vulnerability allows stored cross-site scripting (XSS) attacks in DNN CMS. Attackers with extension permissions can inject malicious scripts into... (Jan 28, 2026)
This vulnerability allows authenticated attackers to inject malicious HTML content into Project Release functionality in Altium Enterprise Server. Whe... (Jan 22, 2026)
A stored XSS vulnerability in Altium 365 user profile fields allows authenticated attackers to inject malicious scripts that execute when other users ... (Jan 15, 2026)
This CVE describes a cross-site scripting (XSS) vulnerability in Verisay's Aidango software that allows attackers to inject malicious scripts into web... (Dec 25, 2025)
This is a cross-site scripting (XSS) vulnerability in Titarus software from Verisay Communication and Information Technology Industry and Trade Ltd. C... (Dec 25, 2025)
This CVE describes a cross-site scripting (XSS) vulnerability in Trizbi software by Verisay Communication and Information Technology Industry and Trad... (Dec 25, 2025)
RomM (ROM Manager) versions before 4.4.1 contain multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious ... (Dec 3, 2025)
This CVE describes a stored cross-site scripting (XSS) vulnerability in the Aimeos GrapesJS CMS extension. Malicious editors can inject JavaScript cod... (Dec 2, 2025)
The prosemirror_to_html gem versions 0.2.0 and below are vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. Whi... (Nov 10, 2025)
This is a reflected cross-site scripting (XSS) vulnerability in Proliz Software's OBS Student Affairs Information System. Attackers can inject malicio... (Oct 23, 2025)
Emlog versions 2.5.21 and below contain a stored cross-site scripting (XSS) vulnerability in mail template settings. An attacker with admin access can... (Oct 3, 2025)
CVE-2025-45805 is a stored cross-site scripting (XSS) vulnerability in phpgurukul Doctor Appointment Management System 1.0. Authenticated doctor users... (Sep 3, 2025)
This vulnerability allows attackers to inject malicious scripts into web pages generated by Drupal's COOKiES Consent Management module, which could ex... (Aug 15, 2025)
A cross-site scripting (XSS) vulnerability in Zone Bitaqati allows attackers to inject malicious scripts into web pages viewed by other users. This af... (Aug 6, 2025)
Microweber CMS 2.0 contains a stored cross-site scripting (XSS) vulnerability in the profile page's last name field. This allows attackers to inject m... (Aug 1, 2025)
CVE-2025-53528 is a reflected cross-site scripting (XSS) vulnerability in Cadwyn's API documentation endpoint. An attacker can craft a malicious URL c... (Jul 21, 2025)
File Browser versions prior to 2.33.7 have a stored cross-site scripting (XSS) vulnerability in the Markdown preview function. When users upload Markd... (Jun 26, 2025)
This stored cross-site scripting (XSS) vulnerability in the Sina Extension for Elementor WordPress plugin allows attackers to inject malicious scripts... (Jun 6, 2025)
OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patient creation privileges can inject malicious JavaSc... (May 23, 2025)
OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patient editing privileges can inject malicious JavaScr... (May 23, 2025)
This CVE describes a cross-site scripting (XSS) vulnerability in Grafana that combines client path traversal with open redirect. Attackers can redirec... (May 22, 2025)
A cross-site scripting vulnerability in GitHub Enterprise Server allows attackers to inject malicious scripts into math blocks using $$..$$ delimiters... (Apr 17, 2025)
This vulnerability in Icinga Reporting allows attackers to embed arbitrary JavaScript in report templates. When previewed, this enables attackers to a... (Mar 26, 2025)
This is a cross-site scripting (XSS) vulnerability in Icinga Web 2 that allows attackers to craft malicious URLs. When any user visits such a URL, arb... (Mar 26, 2025)
An authenticated stored cross-site scripting (XSS) vulnerability in MagnusBilling's Alarm Module allows attackers to inject malicious scripts that exe... (Mar 21, 2025)
A stored XSS vulnerability in langgenius/dify's chat log functionality allows attackers to inject malicious HTML tags like <input> and <form> via prom... (Mar 20, 2025)
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,812 CVEs classified as CWE-79, with 261 rated critical and 2,334 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →