CWE-79: Cross-site Scripting (XSS)

This stored XSS vulnerability in Bolt CMS allows attackers to inject malicious JavaScript into uploaded filenames after initial upload by renaming fil...

CVE-2020-4038 is a severe cross-site scripting (XSS) vulnerability in GraphQL Playground's HTML rendering component. It allows attackers to inject mal...

This vulnerability allows attackers to inject malicious HTML/JavaScript into Kestra's execution-file preview feature, leading to cross-site scripting ...

This CVE describes a DOM-based cross-site scripting (XSS) vulnerability in Gogs self-hosted Git service. Attackers can inject malicious JavaScript int...

Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting vulnerability in the WebUI's Custom Rules function. This allows ...

This stored cross-site scripting (XSS) vulnerability in Open WebUI allows attackers to inject malicious HTML into chat history metadata, which gets ex...

This vulnerability in GitLab allows an authenticated attacker to inject malicious content into the vulnerability code flow, potentially performing una...

Docmost versions before 0.25.0 have a stored XSS vulnerability in public share pages where page titles aren't properly HTML-escaped before insertion i...

Authenticated students in Open eClass platform can inject malicious JavaScript into user profile fields, which executes when other users view those pr...

This cross-site scripting vulnerability in Moodle allows attackers to inject malicious scripts through AI prompt responses. When users view compromise...

This Cross-Site Scripting (XSS) vulnerability in Moodle allows attackers to inject malicious JavaScript code into arithmetic expression fields in the ...

HotCRP conference review software versions from October 2025 through January 2026 incorrectly delivered all document types with inline Content-Disposi...

This stored XSS vulnerability in n8n allows attackers with workflow creation permissions to execute arbitrary JavaScript in the n8n editor interface. ...

This stored cross-site scripting (XSS) vulnerability in Hotech Software's Otello allows attackers to inject malicious scripts into web pages that are ...

SysReptor versions before 2025.102 have a stored XSS vulnerability where authenticated users can upload malicious JavaScript files through the web UI....

This stored XSS vulnerability in DivvyDrive's Digital Corporate Warehouse allows attackers to inject malicious scripts into web pages that persist and...

This stored cross-site scripting (XSS) vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into the Fold...

Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below contain a stored cross-site scripting (XSS) vulnerability in the Public Folders r...

This stored cross-site scripting (XSS) vulnerability in ManageEngine Exchange Reporter Plus allows attackers to inject malicious scripts into custom r...

ManageEngine Exchange Reporter Plus versions 5723 and below contain a stored cross-site scripting (XSS) vulnerability in the 'Mails Deleted or Moved' ...

Open Source Social Network (OSSN) 8.6 contains a reflected cross-site scripting vulnerability in the administrator friends endpoint. Attackers can inj...

Adobe Connect versions 12.9 and earlier contain a DOM-based XSS vulnerability that allows high-privileged attackers to execute malicious scripts in vi...

The Kiwire Captive Portal contains a reflected cross-site scripting (XSS) vulnerability in the login-url parameter that allows attackers to execute ar...

This Cross-Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server allows attackers to inject malicious scripts into ...

A stored XSS vulnerability in MyCourts v3 allows attackers to inject malicious JavaScript into user profiles. When other users view these profiles, th...

This Cross-Site Scripting (XSS) vulnerability in ARD's Ajax transaction manager allows attackers to inject malicious JavaScript into the accountName f...

This CVE describes a cross-site scripting (XSS) vulnerability in the Hyundai Navigation App where an attacker can inject HTML payloads into the profil...

This CVE describes a cross-site scripting (XSS) vulnerability in the Drupal etracker module that allows attackers to inject malicious scripts into web...

This Cross-Site Scripting (XSS) vulnerability in Jalios JPlatform allows attackers to inject malicious scripts into web pages, which execute in victim...

This cross-site scripting vulnerability in Emlog Pro v2.5.4 allows attackers to inject malicious scripts into article headers via the admin interface....

This vulnerability allows attackers to execute arbitrary JavaScript in victims' browsers through Cross-site Scripting (XSS) in dom-expressions and sol...

This vulnerability in solid-js allows user input to be rendered as HTML when placed directly inside JSX fragments, enabling cross-site scripting (XSS)...

CVE-2025-24372 is a cross-site scripting (XSS) vulnerability in CKAN data management systems that allows authenticated users to upload malicious files...

This cross-site scripting (XSS) vulnerability in QNAP's QuLog Center allows remote attackers with user access to inject malicious scripts that could b...

This vulnerability in lollms-webui version 9.6 allows attackers to upload malicious SVG files containing JavaScript code that executes when rendered, ...

This is a stored cross-site scripting (XSS) vulnerability in InvenTree inventory management system. Registered users can inject malicious JavaScript i...

This stored XSS vulnerability in Cacti allows authenticated users with external link creation privileges to inject malicious scripts into web pages. W...

This Cross-Site Scripting (XSS) vulnerability in openPetra allows attackers to inject malicious scripts via the serverMFinDev.asmx function, potential...

This Cross-Site Scripting (XSS) vulnerability in openPetra v.2023.02 allows remote attackers to inject malicious scripts via the serverMServerAdmin.as...

This Cross-Site Scripting (XSS) vulnerability in openPetra allows attackers to inject malicious scripts into the serverMHospitality.asmx function, pot...

This Cross-Site Scripting (XSS) vulnerability in openPetra's serverMConference.asmx function allows attackers to inject malicious scripts into web pag...

This stored cross-site scripting (XSS) vulnerability in Mautic allows attackers to inject malicious scripts into contact tracking and page hits report...

CVE-2024-45799 is a cross-site scripting (XSS) vulnerability in FluxCP that allows attackers to inject malicious JavaScript via shop names and vendor/...

This is a stored cross-site scripting (XSS) vulnerability in Outline's document editor that allows authenticated users to inject malicious JavaScript ...

A stored cross-site scripting (XSS) vulnerability in Archer Platform 6 allows authenticated attackers to inject malicious scripts into application dat...

A stored cross-site scripting (XSS) vulnerability in Archer Platform 6 allows authenticated attackers to inject malicious HTML/JavaScript into the app...

This is a Cross-Site Scripting (XSS) vulnerability in jizhicms v2.5.4 that allows remote attackers to inject malicious scripts via crafted article pub...

This CVE describes a Cross-Site Scripting (XSS) vulnerability in MacCMS v.10 version 2024.1000.3000 that allows remote attackers to inject malicious s...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Youzify - Buddypress Moderation WordPress plugin, pote...

Archer Platform 6.x contains a stored cross-site scripting (XSS) vulnerability that allows authenticated malicious users to inject and store malicious...