CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,864)
CVE-2024-32979 is a reflected cross-site scripting vulnerability in Nautobot's filterable object-list views. Attackers can craft malicious URLs that e...
May 1, 2024
CVE-2024-27133 is a cross-site scripting (XSS) vulnerability in MLflow that occurs when running recipes with untrusted datasets. Insufficient sanitiza...
Feb 23, 2024
This vulnerability allows attackers to inject malicious scripts into the WS_FTP Server administrative interface through user-supplied inputs. When exp...
Feb 21, 2024
Pyhtml2pdf version 0.0.6 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to read arbitrary local files. Attackers can...
Feb 20, 2024
This CVE describes an improper input neutralization vulnerability (Cross-Site Scripting) in OpenText ALM Octane versions 16.2.100 and above. Attackers...
Feb 15, 2024
This CVE describes a cross-site scripting (XSS) vulnerability in Pandora FMS that allows attackers to inject malicious scripts into the File Manager s...
Dec 29, 2023
SAP Business Objects Business Intelligence Platform contains a stored cross-site scripting (XSS) vulnerability that allows authenticated attackers to ...
Dec 12, 2023
This vulnerability allows attackers to upload HTML files disguised as images in Statamic CMS, bypassing MIME type validation. This affects front-end f...
Nov 21, 2023
This DOM-based XSS vulnerability in MyBB forum software allows attackers to execute malicious JavaScript in victims' browsers by tricking them into vi...
Nov 6, 2023
This is a cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox that allows attackers to inject malicious scripts via crafted HTTP request...
Oct 13, 2023
This cross-site scripting (XSS) vulnerability in Fortinet FortiSandbox allows attackers to inject malicious scripts via crafted HTTP requests, which c...
Oct 13, 2023
This CVE describes a cross-site scripting (XSS) vulnerability in the @dcl/single-sign-on-client npm library. Improper input validation in the init fun...
Sep 1, 2023
This cross-site scripting (XSS) vulnerability in Prometheus Alertmanager allows attackers with POST permission to the /api/v1/alerts endpoint to injec...
Aug 25, 2023
Zoom for Linux clients prior to version 5.13.10 contain an HTML injection vulnerability (CWE-79) that allows malicious users to inject arbitrary HTML ...
Jun 13, 2023
This CVE describes multiple reflected cross-site scripting (XSS) vulnerabilities in undisclosed pages of the BIG-IP Configuration utility. Attackers c...
May 3, 2023
This is a cross-site scripting (XSS) vulnerability in Fortinet FortiNAC network access control solutions. Attackers can inject malicious scripts via c...
Mar 7, 2023
CVE-2022-34966 is an HTML injection vulnerability in OpenTeknik OSSN v6.3 LTS that allows attackers to inject malicious HTML content via the location ...
Jul 25, 2022
This vulnerability is a reflected cross-site scripting (XSS) flaw in the MiCODUS MV720 GPS tracker web server, allowing an attacker to inject maliciou...
Jul 20, 2022
This DOM-based XSS vulnerability in OctoPrint allows attackers to inject malicious scripts that execute in users' browsers when viewing manipulated co...
May 18, 2022
DIAEnergie versions 1.7.5 and earlier contain a reflected cross-site scripting (XSS) vulnerability in error pages that process .NET Request.QueryStrin...
Dec 22, 2021
DIAEnergie versions 1.7.5 and earlier contain a cross-site scripting (XSS) vulnerability in the 'name' parameter of HandlerEnergyType.ashx. This allow...
Dec 22, 2021
This is a cross-site scripting (XSS) vulnerability in Adminer database management software that allows attackers to inject malicious scripts into web ...
May 19, 2021
This stored XSS vulnerability in the Team Showcase WordPress plugin allows remote authenticated attackers to inject malicious JavaScript via AJAX requ...
Jan 1, 2021
This is a cross-site scripting (XSS) vulnerability in MediaWiki's user rights management interface. It allows attackers to inject malicious scripts th...
Dec 18, 2020
This vulnerability in Typebot allows attackers to steal stored credentials (OpenAI keys, Google Sheets tokens, SMTP passwords) from any user who previ...
Jan 22, 2026
A stored Cross-Site Scripting vulnerability in SiPass integrated allows attackers to inject malicious scripts that execute when other users visit affe...
Oct 14, 2025
A cross-site scripting vulnerability in Lenovo Browser allows attackers to execute malicious scripts in users' browsers when visiting specially crafte...
Jul 17, 2025
This cross-site scripting (XSS) vulnerability allows attackers to inject malicious JavaScript into the web application via specially crafted URLs. Whe...
Jul 3, 2025
This cross-site scripting (XSS) vulnerability in Sharp and Toshiba multifunction printers allows attackers to execute arbitrary scripts on the adminis...
Nov 26, 2024
A stored cross-site scripting (XSS) vulnerability in the Cozy Blocks WordPress plugin allows attackers to inject malicious scripts into web pages. Whe...
Oct 28, 2024
Sharp and Toshiba Tec multifunction printers (MFPs) have a reflected cross-site scripting vulnerability where specially crafted URLs can execute malic...
Oct 25, 2024
The SKT Addons for Elementor WordPress plugin has a stored cross-site scripting (XSS) vulnerability in its Age Gate and Creative Slider widgets. Authe...
Jun 8, 2024
The Brizy Page Builder WordPress plugin has a stored XSS vulnerability in its 'Link To' field across multiple widgets. Authenticated attackers with co...
Jun 5, 2024
CVE-2024-33306 is a stored cross-site scripting (XSS) vulnerability in SourceCodester Laboratory Management System 1.0 that allows attackers to inject...
May 1, 2024
This Cross-Site Scripting (XSS) vulnerability in DerbyNet allows remote attackers to inject malicious scripts via the render-document.php component. W...
Apr 18, 2024
This vulnerability allows cross-site scripting (XSS) attacks in danielmiessler fabric versions through 1.3.0 due to improper handling of innerHTML in ...
Mar 18, 2024
This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to inject malicious scripts into pages using the ...
Mar 13, 2024
CMS Made Simple 2.2.14 has a cross-site scripting vulnerability in the admin user creation page that allows attackers to inject malicious JavaScript. ...
Mar 12, 2024
This vulnerability allows authenticated WordPress users with subscriber-level permissions or higher to inject malicious JavaScript into website pages ...
Dec 23, 2023
This vulnerability allows remote attackers to execute arbitrary JavaScript code in Typora's PDF export function, potentially stealing sensitive inform...
Oct 10, 2023
This CVE describes a reflected cross-site scripting (XSS) vulnerability in CrafterCMS Engine that allows attackers to inject malicious scripts into we...
Aug 3, 2023
This vulnerability allows attackers to execute reflected cross-site scripting (XSS) attacks via specially crafted URLs in OSnexus QuantaStor storage s...
Jul 10, 2023
This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious scripts via the xredirect parameter in ...
Feb 9, 2022
This Cross-Site Scripting (XSS) vulnerability in Backstage's auth-backend plugin allows attackers to craft malicious URLs that, when visited by users,...
Nov 26, 2021
CVE-2021-40457 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 Customer Engagement that allows attackers to inject malicious s...
Oct 13, 2021
JupyterLab versions before 3.1.0 contain a cross-site scripting vulnerability where untrusted notebooks can execute arbitrary code when loaded. The vu...
Aug 9, 2021
This Cross-Site Scripting (XSS) vulnerability in Discourse allows attackers to inject malicious scripts into d-popover tooltips, potentially compromis...
Aug 9, 2021
This vulnerability allows attackers to inject malicious code into Phoenix Contact FL SWITCH SMCS series network switches via LLDP frames, which then e...
Jun 25, 2021
This vulnerability in the PageLayer WordPress plugin allows authenticated users to execute AJAX actions without proper permission checks, including mo...
Jan 1, 2021
This CVE describes a cross-site scripting (XSS) vulnerability in Combodo iTop where attackers can inject malicious commands due to improper input vali...
Aug 10, 2020
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,864 CVEs classified as CWE-79, with 274 rated critical and 2,373 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →