CWE-79: Cross-site Scripting (XSS)

OpenLiteSpeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows attackers to inject malicious ...

Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in calendar event subtitles that allows attackers to inject malicious JavaScrip...

This stored cross-site scripting vulnerability in Genexis Platinum-4410 routers allows attackers to inject malicious scripts into the 'start_addr' par...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the NotificationX plugin. When users visit ...

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability where attackers can upload malicious markdown files containing JavaScript paylo...

Markdownify 1.2.0 contains a persistent cross-site scripting (XSS) vulnerability that allows attackers to upload malicious markdown files containing e...

Markright 1.0 contains a persistent cross-site scripting (XSS) vulnerability where attackers can embed malicious JavaScript in markdown files. When us...

CVE-2021-47839 is a persistent cross-site scripting (XSS) vulnerability in Marky 0.0.1 that allows attackers to inject malicious JavaScript into markd...

Moeditor 0.2.0 contains a persistent cross-site scripting (XSS) vulnerability where attackers can embed malicious JavaScript in markdown files. When v...

Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious scripts in custom widget titles and fi...

This CVE describes a cross-site scripting (XSS) vulnerability in LemonLDAP::NG's portal login page. Attackers can inject malicious scripts via the tab...

The Name Directory WordPress plugin up to version 1.30.3 has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inje...

The AJS Footnotes WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into website pages...

This stored XSS vulnerability in the GeekyBot WordPress plugin allows unauthenticated attackers to inject malicious scripts via chat messages. When ad...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the Frontend Admin plugin. The injected ...

The SlimStat Analytics WordPress plugin has a stored XSS vulnerability in versions up to 5.3.4 that allows unauthenticated attackers to inject malicio...

The SlimStat Analytics WordPress plugin has a stored XSS vulnerability in all versions up to 5.3.3. Unauthenticated attackers can inject malicious scr...

This vulnerability in NiceGUI allows attackers to manipulate URL fragment identifiers via cross-site iframe attacks, potentially enabling UI manipulat...

CVE-2025-66648 is a cross-site scripting (XSS) vulnerability in vega-functions library that allows attackers to execute arbitrary JavaScript code by e...

CVE-2022-50787 is an unauthenticated stored cross-site scripting vulnerability in SOUND4 IMPACT/FIRST/PULSE/Eco software versions 2.x. Attackers can i...

The SureForms WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts into ...

The ELEX WordPress HelpDesk & Customer Ticketing System plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject maliciou...

This CVE describes a cross-site scripting (XSS) vulnerability in Vega visualization components that allows authenticated users to inject malicious scr...

This CVE describes a Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail that allows attackers to inject malicious scripts via the animate t...

The Fancy Product Designer WordPress plugin allows unauthenticated attackers to upload malicious SVG files containing JavaScript that executes when vi...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the CleanTalk security plugin. When users v...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Social Reviews & Recommendations plugin...

The Widgets for Google Reviews WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into ...

This stored XSS vulnerability in the Omnichannel for WooCommerce plugin allows unauthenticated attackers to inject malicious scripts that execute when...

The Unlimited Elements For Elementor WordPress plugin allows unauthenticated attackers to upload malicious SVG files containing JavaScript that execut...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the Telegram Bot & Channel plugin. When use...

The Simple User Registration plugin for WordPress has a stored cross-site scripting vulnerability in the 'wpr_admin_msg' parameter. Unauthenticated at...

The WPBookit WordPress plugin up to version 1.0.6 has a stored cross-site scripting vulnerability in the 'css_code' parameter. Unauthenticated attacke...

This stored XSS vulnerability in Pyxis Signage allows attackers to inject malicious scripts into web pages that are then executed when other users vie...

This vulnerability allows unauthenticated attackers to inject malicious JavaScript into WordPress sites using the GiveWP donation plugin. The stored X...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress pages using the RafflePress plugin. The stored XSS exec...

The Easy Email Subscription WordPress plugin has a stored XSS vulnerability in the 'name' parameter that allows unauthenticated attackers to inject ma...

The Footnotes Made Easy WordPress plugin has a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scr...

This vulnerability in Astro's image proxy allows attackers to bypass domain validation by using backslashes in the href parameter, enabling server-sid...

The Watu Quiz WordPress plugin versions ≤3.4.4 have a stored XSS vulnerability when the 'Save source URL' option is enabled. Unauthenticated attacke...

This vulnerability allows attackers to inject malicious scripts into the Complaint Management System's admin interface via the categoryName parameter....

This vulnerability allows attackers to inject HTML or execute arbitrary code via cookie hijacking in Adform Site Tracking server-side backend. It affe...

This cross-site scripting (XSS) vulnerability in NamelessMC allows authenticated attackers to inject malicious scripts into web pages via the default_...

The Use-your-Drive WordPress plugin has a stored XSS vulnerability in the 'title' parameter of file metadata. Attackers can inject malicious scripts t...

This vulnerability allows attackers to inject malicious scripts via the 'q' parameter in LinuxServer.io Heimdall, potentially compromising user sessio...

This stored XSS vulnerability in the WP Event Manager plugin allows unauthenticated attackers to inject malicious JavaScript into event organizer name...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to inject malicious JavaScript into group descriptions ...

This vulnerability allows unauthenticated attackers to inject malicious scripts into WordPress sites using the Ultra Addons for Contact Form 7 plugin....

The Wise Chat WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts via the X-Forwarded-Fo...

The Xagio SEO WordPress plugin has a stored XSS vulnerability in all versions up to 7.1.0.16. Unauthenticated attackers can inject malicious scripts v...