CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,863)
This vulnerability allows authenticated users with page edit permissions in BookStack to inject malicious JavaScript links into pages. When other user...
Nov 3, 2020
This vulnerability allows attackers to inject malicious scripts via model outputs containing <script> tags in New API's MarkdownRenderer.jsx component...
Feb 24, 2026
Fabric.js versions before 7.2.0 have an SVG export vulnerability where user-controlled JSON data isn't properly escaped when converted to SVG. This al...
Feb 19, 2026
This vulnerability allows authenticated attackers to inject malicious JavaScript into document titles in Polarion applications. When other users view ...
Feb 10, 2026
This CVE describes a cross-site scripting (XSS) vulnerability in Ofisimo's Association Web Package Flora software that allows attackers to inject mali...
Feb 3, 2026
This is a reflected cross-site scripting (XSS) vulnerability in Kod8 Individual and SME Website software that allows attackers to inject malicious scr...
Feb 3, 2026
This is a reflected cross-site scripting (XSS) vulnerability in Seres Software syWEB that allows attackers to inject malicious scripts into web pages....
Feb 3, 2026
This CVE describes a reflected cross-site scripting (XSS) vulnerability in AKCE Software's SKSPro product. Attackers can inject malicious scripts into...
Feb 3, 2026
This vulnerability allows attackers to inject malicious scripts into DNN module friendly names, which then execute during certain Persona Bar operatio...
Jan 28, 2026
This vulnerability allows attackers to inject malicious scripts into DNN module descriptions, which then execute in the Persona Bar administration int...
Jan 28, 2026
This vulnerability allows stored cross-site scripting (XSS) attacks in DNN CMS. Attackers with extension permissions can inject malicious scripts into...
Jan 28, 2026
This vulnerability allows authenticated attackers to inject malicious HTML content into Project Release functionality in Altium Enterprise Server. Whe...
Jan 22, 2026
A stored XSS vulnerability in Altium 365 user profile fields allows authenticated attackers to inject malicious scripts that execute when other users ...
Jan 15, 2026
This CVE describes a cross-site scripting (XSS) vulnerability in Verisay's Aidango software that allows attackers to inject malicious scripts into web...
Dec 25, 2025
This is a cross-site scripting (XSS) vulnerability in Titarus software from Verisay Communication and Information Technology Industry and Trade Ltd. C...
Dec 25, 2025
This CVE describes a cross-site scripting (XSS) vulnerability in Trizbi software by Verisay Communication and Information Technology Industry and Trad...
Dec 25, 2025
RomM (ROM Manager) versions before 4.4.1 contain multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious ...
Dec 3, 2025
This CVE describes a stored cross-site scripting (XSS) vulnerability in the Aimeos GrapesJS CMS extension. Malicious editors can inject JavaScript cod...
Dec 2, 2025
The prosemirror_to_html gem versions 0.2.0 and below are vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. Whi...
Nov 10, 2025
This is a reflected cross-site scripting (XSS) vulnerability in Proliz Software's OBS Student Affairs Information System. Attackers can inject malicio...
Oct 23, 2025
Emlog versions 2.5.21 and below contain a stored cross-site scripting (XSS) vulnerability in mail template settings. An attacker with admin access can...
Oct 3, 2025
CVE-2025-45805 is a stored cross-site scripting (XSS) vulnerability in phpgurukul Doctor Appointment Management System 1.0. Authenticated doctor users...
Sep 3, 2025
This vulnerability allows attackers to inject malicious scripts into web pages generated by Drupal's COOKiES Consent Management module, which could ex...
Aug 15, 2025
A cross-site scripting (XSS) vulnerability in Zone Bitaqati allows attackers to inject malicious scripts into web pages viewed by other users. This af...
Aug 6, 2025
Microweber CMS 2.0 contains a stored cross-site scripting (XSS) vulnerability in the profile page's last name field. This allows attackers to inject m...
Aug 1, 2025
CVE-2025-53528 is a reflected cross-site scripting (XSS) vulnerability in Cadwyn's API documentation endpoint. An attacker can craft a malicious URL c...
Jul 21, 2025
File Browser versions prior to 2.33.7 have a stored cross-site scripting (XSS) vulnerability in the Markdown preview function. When users upload Markd...
Jun 26, 2025
This stored cross-site scripting (XSS) vulnerability in the Sina Extension for Elementor WordPress plugin allows attackers to inject malicious scripts...
Jun 6, 2025
OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patient creation privileges can inject malicious JavaSc...
May 23, 2025
OpenEMR versions before 7.0.3.4 have a stored XSS vulnerability where authenticated users with patient editing privileges can inject malicious JavaScr...
May 23, 2025
This CVE describes a cross-site scripting (XSS) vulnerability in Grafana that combines client path traversal with open redirect. Attackers can redirec...
May 22, 2025
A cross-site scripting vulnerability in GitHub Enterprise Server allows attackers to inject malicious scripts into math blocks using $$..$$ delimiters...
Apr 17, 2025
This vulnerability in Icinga Reporting allows attackers to embed arbitrary JavaScript in report templates. When previewed, this enables attackers to a...
Mar 26, 2025
This is a cross-site scripting (XSS) vulnerability in Icinga Web 2 that allows attackers to craft malicious URLs. When any user visits such a URL, arb...
Mar 26, 2025
An authenticated stored cross-site scripting (XSS) vulnerability in MagnusBilling's Alarm Module allows attackers to inject malicious scripts that exe...
Mar 21, 2025
A stored XSS vulnerability in langgenius/dify's chat log functionality allows attackers to inject malicious HTML tags like <input> and <form> via prom...
Mar 20, 2025
This vulnerability allows unprivileged users to create stored cross-site scripting (XSS) attacks on the pwn.college education platform by exploiting m...
Jan 30, 2025
This stored XSS vulnerability in YesWiki allows authenticated users with page/comment editing rights to inject malicious scripts via the {{attach}} co...
Jan 21, 2025
YesWiki versions up to 4.4.5 contain a DOM-based cross-site scripting (XSS) vulnerability in the tag search feature. When users click malicious links ...
Jan 21, 2025
This vulnerability allows attackers to inject malicious scripts into Microsoft Dynamics 365 Sales, which execute when viewed by other users. It affect...
Nov 26, 2024
CVE-2020-11859 is an improper input validation vulnerability in OpenText iManager that allows cross-site scripting (XSS) attacks. Attackers can inject...
Nov 6, 2024
The Logo Slider WordPress plugin before version 4.1.0 contains a stored cross-site scripting (XSS) vulnerability. Users with contributor role or highe...
Oct 17, 2024
CVE-2024-47782 is a cross-site scripting (XSS) vulnerability in the WikiDiscover extension for CreateWiki-managed wiki farms. The vulnerability allows...
Oct 7, 2024
CVE-2024-9198 is a stored cross-site scripting (XSS) vulnerability in Clibo Manager v1.1.9.1 that allows attackers to upload malicious SVG images as p...
Sep 26, 2024
This CVE describes a stored cross-site scripting (XSS) vulnerability in Galaxy's editor visualization endpoint. Attackers can inject malicious HTML/Ja...
Sep 20, 2024
A stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows low-privileged attackers to inject malicious JavaScript into vulnerable for...
Aug 14, 2024
This is a cross-site scripting (XSS) vulnerability in mailcow: dockerized that allows unauthenticated attackers to inject malicious JavaScript into AP...
Aug 5, 2024
This is a cross-site scripting (XSS) vulnerability in Azure DevOps Server that allows attackers to inject malicious scripts into web pages viewed by o...
Jul 9, 2024
HP LaserJet Pro printers are vulnerable to cross-site scripting (XSS) attacks through their web management interface. This allows attackers to inject ...
May 23, 2024
CVE-2024-30047 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Insights that allows attackers to inject malicious scr...
May 14, 2024
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,863 CVEs classified as CWE-79, with 273 rated critical and 2,373 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →