CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,784)
This vulnerability in the Registrations for the Events Calendar WordPress plugin allows unauthenticated attackers to inject malicious scripts into eve...
Nov 8, 2024
A stored cross-site scripting vulnerability in Webkul Krayin CRM 1.3.0 allows attackers to inject malicious JavaScript via the username field. When ex...
Sep 27, 2024
A reflected cross-site scripting vulnerability in vTiger CRM 7.4.0 allows attackers to inject malicious scripts via the tag parameter. When exploited,...
Aug 29, 2024
This reflected cross-site scripting (XSS) vulnerability in vTiger CRM 7.4.0 allows attackers to inject malicious scripts via the viewname parameter. W...
Aug 29, 2024
This stored XSS vulnerability in Forcepoint Web Security allows attackers to inject malicious JavaScript into the Transaction Viewer's user agent fiel...
Aug 22, 2024
A cross-site scripting (XSS) vulnerability in Koha Integrated Library System allows remote attackers to inject malicious scripts via the additional-co...
Aug 6, 2024
This vulnerability in Whale browser allows attackers to execute malicious JavaScript code due to improper sanitization in a built-in extension. Attack...
Jul 11, 2024
CVE-2024-23997 is a cross-site scripting (XSS) vulnerability in Lukas Bach yana versions ≤1.0.16 that allows attackers to inject malicious scripts v...
Jul 5, 2024
Jupyter Server Proxy versions 3.x before 3.2.4 and 4.x before 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the /proxy endpoin...
Jun 11, 2024
A Cross-Site Scripting (XSS) vulnerability in mintplex-labs/anything-llm allows attackers to execute arbitrary JavaScript code by exploiting the appli...
Jun 6, 2024
A deep link validation vulnerability in KakaoTalk allowed attackers to execute arbitrary JavaScript in WebViews, which could leak access tokens and en...
Jun 3, 2024
An arbitrary file upload vulnerability in Box-IM v2.0 allows attackers to upload malicious PDF files that can execute arbitrary code on the server. Th...
May 24, 2024
This is a stored cross-site scripting (XSS) vulnerability in PrestaShop that allows attackers to upload malicious files through the contact form. When...
May 14, 2024
Froxlor versions before 2.1.9 have a stored blind XSS vulnerability in the failed login logging feature. Unauthenticated attackers can inject maliciou...
May 14, 2024
This is a cross-site scripting (XSS) vulnerability in Centreon's SNMP sysName OID processing that allows remote code execution. Attackers can inject m...
May 3, 2024
This is a stored cross-site scripting (XSS) vulnerability in NETGEAR ProSAFE Network Management System that allows remote attackers to inject maliciou...
May 3, 2024
This is a cross-site scripting (XSS) vulnerability in Softing edgeAggregator client that allows remote attackers to execute arbitrary scripts. When co...
May 3, 2024
This is a cross-site scripting (XSS) vulnerability in Xiaomi Pro 13 smartphones that allows remote code execution. Attackers can inject malicious scri...
May 2, 2024
This cross-site scripting (XSS) vulnerability in WonderCMS v3.4.3 allows attackers to inject malicious scripts into the website title parameter, which...
Apr 17, 2024
This vulnerability allows attackers to inject malicious scripts into the Last Name parameter of Cosmetics and Beauty Product Online Store v1.0, enabli...
Apr 15, 2024
This is a Cross-Site Scripting (XSS) vulnerability in Form Tools 3.1.1 that allows attackers to inject malicious scripts via the client_id parameter i...
Apr 11, 2024
A cross-site scripting (XSS) vulnerability in Teamwire Windows desktop client versions 2.0.1 through 2.4.0 allows remote attackers to inject malicious...
Mar 5, 2024
This reflected cross-site scripting (XSS) vulnerability in Liferay Portal and DXP allows attackers to inject malicious scripts into the Language Overr...
Feb 21, 2024
This cross-site scripting (XSS) vulnerability in Liferay's HtmlUtil.escapeJsLink function allows attackers to inject malicious JavaScript or HTML thro...
Feb 21, 2024
This Cross-Site Scripting (XSS) vulnerability in Axigen WebMail allows remote attackers to inject malicious scripts via the serverName_input parameter...
Feb 8, 2024
This stored XSS vulnerability in Liferay's Portal Search module allows authenticated attackers to inject malicious scripts into search results when hi...
Feb 7, 2024
This stored cross-site scripting (XSS) vulnerability in Apache Superset allows authenticated attackers with create/update permissions to inject malici...
Jan 23, 2024
This is a stored cross-site scripting (XSS) vulnerability in WWBN AVideo's getOpenGraph videoName functionality that allows attackers to inject malici...
Jan 10, 2024
This Cross-Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to inject malicious scripts through the search feature, which could l...
Dec 14, 2023
This reflected cross-site scripting (XSS) vulnerability in Liferay Portal allows remote attackers to inject malicious scripts or HTML via the p_l_back...
Nov 17, 2023
This vulnerability allows reflected cross-site scripting (XSS) in XWiki's page creation form when document name validation is enabled. An attacker can...
Oct 25, 2023
This vulnerability allows remote unauthenticated attackers to execute persistent cross-site scripting (XSS) and cross-site request forgery (CSRF) atta...
Oct 19, 2023
CVE-2022-37830 is a cross-site scripting (XSS) vulnerability in Interway a.s WebJET CMS version 8.6.896 that allows attackers to inject malicious scri...
Oct 19, 2023
This vulnerability allows remote attackers to inject malicious scripts into multiple address fields in Liferay's Commerce module. When exploited, thes...
Oct 17, 2023
This reflected cross-site scripting (XSS) vulnerability allows attackers to inject malicious scripts into the Export for Translation page of affected ...
Oct 17, 2023
This is a Cross-Site Scripting (XSS) vulnerability in Dolibarr ERP CRM's REST API module that allows remote attackers to inject malicious scripts. Whe...
Sep 20, 2023
This vulnerability allows cross-site scripting (XSS) attacks in OPNsense firewall management interfaces. Attackers can inject malicious scripts via th...
Aug 9, 2023
CVE-2023-3526 is a cross-site scripting (XSS) vulnerability in PHOENIX CONTACT TC ROUTER and TC CLOUD CLIENT devices that allows unauthenticated remot...
Aug 8, 2023
This CVE describes a Cross-Site Scripting (XSS) vulnerability in the username field of the ChatEngine application's login servlet. Attackers can injec...
Jul 6, 2023
This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious JavaScript via specially crafted URLs. ...
Jun 23, 2023
CVE-2023-1892 is a reflected cross-site scripting (XSS) vulnerability in Sidekiq web dashboard prior to version 7.0.8. Attackers can inject malicious ...
Apr 21, 2023
This CVE describes a cross-site scripting (XSS) vulnerability in Netgate pfSense's ACME package that allows attackers to inject malicious scripts via ...
Apr 4, 2023
CVE-2020-19947 is a cross-site scripting (XSS) vulnerability in Markdown Edit that allows remote attackers to inject malicious scripts via the edit pa...
Mar 16, 2023
This stored cross-site scripting (XSS) vulnerability in Jenkins allows attackers to inject malicious scripts into error messages about plugin incompat...
Mar 10, 2023
This stored XSS vulnerability in Jenkins update-center2 allows attackers who can provide plugins for hosting to inject malicious scripts into plugin d...
Mar 10, 2023
Wire secure messaging application is vulnerable to cross-site scripting (XSS) via insufficient escaping of @mentions. This allows attackers to inject ...
Jun 25, 2022
CVE-2022-32271 is a critical remote code execution vulnerability in Real Player's DCP:// URI handler. Attackers can exploit this by tricking users int...
Jun 3, 2022
This is a cross-site scripting (XSS) vulnerability in Wire's web application interface that allows attackers to inject and execute arbitrary JavaScrip...
Apr 20, 2022
This Cross-Site Scripting (XSS) vulnerability in Webmin 1.973 allows attackers to inject malicious scripts via the Scheduled Cron Jobs feature. When e...
Apr 11, 2022
This vulnerability allows attackers in a privileged position to execute cross-site scripting (XSS) attacks on affected Siemens RUGGEDCOM industrial ne...
Mar 8, 2022
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,784 CVEs classified as CWE-79, with 252 rated critical and 2,320 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →