CWE-79: Cross-site Scripting (XSS)

This CVE describes a Cross-Site Scripting (XSS) vulnerability in MacCMS v.10 version 2024.1000.3000 that allows remote attackers to inject malicious s...

This vulnerability allows attackers to inject malicious scripts into web pages generated by the Youzify - Buddypress Moderation WordPress plugin, pote...

Archer Platform 6.x contains a stored cross-site scripting (XSS) vulnerability that allows authenticated malicious users to inject and store malicious...

This stored cross-site scripting (XSS) vulnerability in Schoolbox's news functionality allows authenticated attackers to inject malicious scripts that...

This stored cross-site scripting (XSS) vulnerability in Schoolbox's calendar functionality allows authenticated attackers to inject malicious scripts ...

A stored cross-site scripting (XSS) vulnerability in Avo's key_value field allows attackers to inject malicious JavaScript that executes in victims' b...

This is a stored cross-site scripting (XSS) vulnerability in M-Files Classic Web that allows attackers to inject malicious scripts into HTML documents...

CVE-2023-33130 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web...

This CVE describes a stored Cross-Site Scripting (XSS) vulnerability in the Avo Ruby on Rails admin panel framework. Attackers with form edit privileg...

This vulnerability allows attackers to upload malicious SVG files to Mattermost Boards and share them via direct links. When users view these SVG file...

Grafana has a stored cross-site scripting (XSS) vulnerability in the trace view visualization that allows attackers with Editor role to inject malicio...

This CVE describes a reflected cross-site scripting (XSS) vulnerability in TIBCO BusinessConnect's UI component. An attacker with low privileges and n...

CVE-2020-28455 is a cross-site scripting (XSS) vulnerability in the markdown-it-toc npm package. It allows attackers to inject malicious scripts into ...

Grafana versions 8.x and 9.x before specific patched releases are vulnerable to stored cross-site scripting (XSS) in the Unified Alerting feature. An ...

This vulnerability allows attackers to inject malicious JavaScript into Markdown content in JetBrains YouTrack's Classic UI. When exploited, it enable...

This CVE describes a stored cross-site scripting (XSS) vulnerability in Kirby CMS's image block functionality. Authenticated attackers can inject mali...

CVE-2021-41175 is a cross-site scripting (XSS) vulnerability in Pi-hole's web interface that allows attackers to inject malicious scripts when adding ...

This is a privilege escalation vulnerability in Apache CouchDB where a malicious user with document creation permissions can attach HTML files contain...

CVE-2021-37695 is a cross-site scripting (XSS) vulnerability in CKEditor 4's Fake Objects plugin that allows attackers to inject malicious HTML that c...

This vulnerability in @scullyio/scully allows cross-site scripting (XSS) attacks through improper serialization of transfer state data. Attackers can ...

This vulnerability allows attackers to inject malicious scripts into the S-Cart admin panel, which could execute in administrators' browsers. It affec...

baserCMS versions 4.0.0 through 4.4.0 contain a cross-site scripting vulnerability in management interface components. Attackers with administrative a...

baserCMS 4.3.6 and earlier contains a cross-site scripting (XSS) vulnerability in toolbar.php that allows authenticated administrators to execute arbi...

This cross-site scripting (XSS) vulnerability in GitLab allows attackers to inject malicious scripts into milestone titles, which then execute in vict...

This CVE describes a cross-site scripting (XSS) vulnerability in the RubyGem sanitize library. When using the 'relaxed' configuration or custom config...

The WP App Bar WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into plugin settings....

The Fluent Forms Pro WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into draft form...

The WPBookit WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into w...

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability in the schedule endpoint. Attackers can inject malicious JavaScript vi...

CVE-2019-25422 is a cross-site scripting vulnerability in Comodo Dome Firewall that allows attackers to inject malicious JavaScript through the vpnfw ...

Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability in the license activation endpoint. Attackers can inject malicious Jav...

This vulnerability allows unauthenticated attackers to inject malicious scripts via the 'wpcr3_fname' parameter in the WP Customer Reviews WordPress p...

MajorDoMo contains an unauthenticated stored XSS vulnerability that allows attackers to inject malicious JavaScript into property values. When adminis...

The Rent Fetch WordPress plugin contains a stored cross-site scripting (XSS) vulnerability in the 'keyword' parameter that allows unauthenticated atta...

The RSS Aggregator WordPress plugin is vulnerable to reflected cross-site scripting (XSS) via the 'template' parameter. Unauthenticated attackers can ...

This stored XSS vulnerability in Smoothwall Express allows attackers to inject malicious JavaScript through modem.cgi POST parameters. When users acce...

This stored and reflected XSS vulnerability in Smoothwall Express allows attackers to inject malicious JavaScript via the urlfilter.cgi endpoint. When...

This cross-site scripting (XSS) vulnerability in SmarterMail allows attackers to inject malicious scripts via MAPI requests. It affects organizations ...

The Super Page Cache WordPress plugin has a stored cross-site scripting vulnerability in its Activity Log feature. Unauthenticated attackers can injec...

This vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in victims' browsers via the 'sscf_name' parameter in the Super Si...

The PixelYourSite WordPress plugin is vulnerable to stored cross-site scripting (XSS) via insufficient input sanitization in the 'pysTrafficSource' an...

The Secure Copy Content Protection and Content Locking WordPress plugin is vulnerable to stored cross-site scripting (XSS) via the 'X-Forwarded-For' H...

This stored XSS vulnerability in the Customer Reviews for WooCommerce WordPress plugin allows attackers to inject malicious scripts into web pages via...

The iONE360 configurator WordPress plugin has a stored XSS vulnerability in its contact form parameters that allows unauthenticated attackers to injec...

The Name Directory WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts via public submis...

This stored XSS vulnerability in the LatePoint WordPress plugin allows unauthenticated attackers to inject malicious scripts into customer profile fie...

This stored XSS vulnerability in the Sell BTC WordPress plugin allows unauthenticated attackers to inject malicious scripts into order records. When a...

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of change_params.php. Attackers can inject malicious...

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' field of the purchase page. Attacker...

This stored cross-site scripting vulnerability in VestaCP allows attackers to inject malicious scripts into the IP interface configuration. When admin...