CWE-79: Cross-site Scripting (XSS)

Adive Framework 2.0.8 has a persistent Cross-Site Scripting (XSS) vulnerability in the admin tables add endpoint due to insufficient input encoding. T...

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Summernote versions 0.8.18 and earlier. An attacker can inject malicious JavaScript v...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premises deployments that allows attackers to inject malicious scripts...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premises that allows attackers to inject malicious scripts into web pa...

This vulnerability allows attackers to inject malicious scripts into Microsoft Dynamics 365 (on-premises) web pages, which are then executed in victim...

CVE-2024-21328 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Sales that allows attackers to inject malicious scripts into we...

This CVE describes a cross-site scripting (XSS) vulnerability in SAP CRM WebClient UI's print preview feature. Attackers with low-privilege access can...

Authentik is vulnerable to reflected Cross-Site Scripting (XSS) via JavaScript-URIs in OpenID Connect flows when using response_mode=form_post. This a...

This stored XSS vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into the Alert Center. When users interact with the craf...

A stored cross-site scripting (XSS) vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into dashboard components. When user...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premises that allows attackers to inject malicious scripts into web pa...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 on-premises that allows attackers to inject malicious scripts into web pa...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Finance and Operations that allows attackers to inject malicious scripts ...

CVE-2023-39437 is a cross-site scripting (XSS) vulnerability in SAP Business One version 10.0 that allows attackers to inject malicious scripts into w...

This cross-site scripting (XSS) vulnerability in NetBotz 4 environmental monitoring devices allows attackers to inject malicious scripts into web page...

This vulnerability allows attackers to inject malicious scripts into Microsoft Dynamics 365 (on-premises) web pages, which are then executed in victim...

Kiwi TCMS versions before 12.1 are vulnerable to cross-site scripting (XSS) via malicious SVG file uploads. When users upload SVG files containing Jav...

This is a cross-site scripting (XSS) vulnerability in Pimcore's web interface that allows attackers to inject malicious scripts into web pages viewed ...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Engagement that allows attackers to inject malicious scripts int...

CVE-2022-21649 is a stored cross-site scripting (XSS) vulnerability in Convos chat software where URLs starting with 'https://' in chat messages are i...

This vulnerability allows Contributor-level WordPress users to import malicious blocks containing JavaScript onto any page built with Elementor, overw...

This vulnerability allows attackers to upload malicious Power BI template files containing HTML with scripts. When victims access these HTML files, th...

This cross-site scripting (XSS) vulnerability in QNAP Photo Station allows remote attackers to inject malicious JavaScript code into web pages viewed ...

This cross-site scripting (XSS) vulnerability in QNAP Photo Station allows remote attackers to inject malicious JavaScript code into web pages viewed ...

This vulnerability allows authenticated low-privileged WordPress users (like contributors or authors) to execute cross-site scripting (XSS) attacks in...

CVE-2021-32808 is a cross-site scripting (XSS) vulnerability in CKEditor 4 that allows attackers to execute arbitrary JavaScript code by exploiting a ...

CVE-2021-29489 is a cross-site scripting (XSS) vulnerability in Highcharts JS versions 8 and earlier. It allows attackers to inject malicious scripts ...

Wiki.js versions before 2.5.191 are vulnerable to stored cross-site scripting (XSS) through mustache expressions in code blocks. Malicious users can c...

This stored cross-site scripting (XSS) vulnerability in Online Invoicing System version 4.0 allows attackers to inject malicious scripts into item des...

This CVE describes a DOM-based cross-site scripting (XSS) vulnerability in the Scratch Addons browser extension. Attackers could exploit this by trick...

This is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises) that allows authenticated attackers to inject malicious scr...

This CVE-2020-14610 is a cross-site scripting (XSS) vulnerability in Oracle Applications Framework's file upload component. It allows authenticated at...

This Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin allows attackers to execute malicious scripts in administrato...

SPA-CART CMS 1.9.0.3 has a stored cross-site scripting (XSS) vulnerability in the product description field, allowing authenticated administrators to ...

CVE-2025-24853 is a cross-site scripting (XSS) vulnerability in Apache JSPWiki that allows attackers to inject malicious JavaScript via wiki markup sy...

VMware NSX Manager UI has a stored XSS vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This affe...

This vulnerability allows remote unauthenticated attackers to perform cross-site scripting (XSS) attacks through the SSL VPN web interface in affected...

This stored cross-site scripting (XSS) vulnerability in the Estatik Mortgage Calculator WordPress plugin allows attackers to inject malicious scripts ...

This Cross-Site Scripting (XSS) vulnerability in Joomla allows attackers to inject malicious scripts into menu list ID attributes. When exploited, it ...

This CVE describes a cross-site scripting (XSS) vulnerability in the Boa web server that allows attackers to inject malicious scripts into web pages. ...

This vulnerability in TCPDF allows cross-site scripting (XSS) attacks through unescaped error messages. Attackers can inject malicious scripts that ex...

This vulnerability in TCPPDF allows cross-site scripting (XSS) attacks via malicious SVG files. Attackers can inject JavaScript through the font-famil...

This vulnerability allows attackers to bypass access controls in eSoft Planner 3.24.08271-USA by sending specially crafted web requests, enabling unau...

CVE-2024-52598 is a Server-Side Request Forgery (SSRF) vulnerability in 2FAuth version 5.4.1 that allows attackers to make the application send HTTP r...

This CVE describes a cross-site scripting (XSS) vulnerability in VaeMendis software that allows attackers to inject malicious scripts into web pages v...

CVE-2020-11926 allows unauthenticated attackers to retrieve device credentials and Wi-Fi network information from Luvion Grand Elite 3 Connect devices...

This vulnerability in Jitsi Meet allows attackers to make clients load GIFs from arbitrary URLs by sending specially crafted messages. This affects al...

This stored XSS vulnerability in LibreNMS allows authenticated users to inject malicious JavaScript through device names in the Device Dependencies fe...

This vulnerability allows attackers to execute arbitrary JavaScript in the privileged devtools origin via specially crafted multipart responses, enabl...

CVE-2024-32979 is a reflected cross-site scripting vulnerability in Nautobot's filterable object-list views. Attackers can craft malicious URLs that e...