CWE-79: Cross-site Scripting (XSS)

Mark Text v0.16.3 contains a DOM-based cross-site scripting vulnerability in pasteCtrl.js that allows attackers to inject malicious scripts. When expl...

CVE-2022-21241 is a cross-site scripting vulnerability in CSV+ versions prior to 0.8.1 that allows remote unauthenticated attackers to inject maliciou...

This vulnerability in the WordPress GDPR plugin allows cross-site scripting (XSS) attacks through a misconfigured AJAX endpoint. Both unauthenticated ...

This is a reflected cross-site scripting (XSS) vulnerability in Teedy document management system that allows unauthenticated attackers to inject malic...

This vulnerability in the ClickBank Affiliate Ads WordPress plugin allows attackers to change plugin settings via CSRF attacks when an admin is logged...

CVE-2021-3994 is a cross-site scripting (XSS) vulnerability in django-helpdesk that allows attackers to inject malicious scripts into web pages viewed...

This vulnerability in uClibc and uClibc-ng allows DNS responses containing special characters to bypass validation, potentially leading to incorrect h...

This is a cross-site scripting (XSS) vulnerability in xujinliang zibbs 1.0 that allows attackers to inject malicious scripts via the route parameter i...

This is a Cross-Site Scripting (XSS) vulnerability in PHP-Fusion's poll administration feature that allows attackers to inject malicious scripts into ...

This vulnerability in the Formidable Form Builder WordPress plugin allows unauthenticated attackers to inject malicious HTML links containing JavaScri...

This is a reflected cross-site scripting (XSS) vulnerability in the BIG-IP Configuration utility that allows attackers to execute malicious JavaScript...

This vulnerability in GitLab allows attackers to read arbitrary files on the server by uploading a specially crafted design image. It affects all GitL...

CVE-2021-31761 is a reflected cross-site scripting (XSS) vulnerability in Webmin 1.973 that can be exploited to achieve remote command execution throu...

This vulnerability allows unauthenticated attackers to perform stored cross-site scripting (XSS) attacks against TIBCO administration systems by socia...

CVE-2021-29459 is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious scripts into text fields. Bot...

This is a reflected cross-site scripting (XSS) vulnerability in the Patreon WordPress plugin that allows attackers to inject malicious scripts into th...

CVE-2021-29996 is a critical vulnerability in Mark Text that allows attackers to execute arbitrary commands through malicious .md files containing XSS...

CVE-2020-28149 is a cross-site scripting vulnerability in myDBR reporting software that allows attackers to inject malicious scripts via CSRF tokens. ...

CVE-2020-27224 is a critical vulnerability in Eclipse Theia's Markdown Preview component that allows cross-site scripting (XSS) to escalate to arbitra...

CVE-2021-3210 is a critical remote code execution vulnerability in BloodHound versions up to 4.0.1. Attackers can execute arbitrary system commands by...

This is a cross-site scripting (XSS) vulnerability in Mautic's forms component that allows attackers to inject malicious JavaScript via the mautic[ret...

This cross-site scripting (XSS) vulnerability in Mautic allows attackers to inject malicious JavaScript via the Referer header when downloading assets...

This vulnerability is a reflected Cross-Site Scripting (XSS) attack in the iControl REST interface of F5 BIG-IP devices. It allows attackers to execut...

CVE-2020-16608 is a cross-site scripting (XSS) vulnerability in Notable 1.8.4 that allows attackers to inject malicious Markdown content, which can le...

CVE-2020-18766 is a cross-site scripting vulnerability in AntSword v2.0.7 that allows remote attackers to execute arbitrary system commands. This affe...

CVE-2020-7750 is a DOM-based cross-site scripting (XSS) vulnerability in scratch-svg-renderer where improper SVG escaping allows attackers to inject a...

CVE-2020-26574 is a stored cross-site scripting (XSS) vulnerability in Leostream Connection Broker 8.2.x that allows unauthenticated attackers to inje...

This is a reflected cross-site scripting (XSS) vulnerability in Turboard software that allows attackers to inject malicious scripts into web pages. Us...

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting (XSS), allowing attackers to inject and ...

This cross-site scripting vulnerability in Weintek cMT products allows unauthenticated remote attackers to inject malicious JavaScript code into web i...

An unauthenticated reflected XSS vulnerability in SiYuan's dynamic icon API allows attackers to inject malicious JavaScript via crafted SVG images. Wh...

A stored cross-site scripting (XSS) vulnerability in AliasVault Web Client allows attackers to inject malicious JavaScript into emails sent to any Ali...

This is a stored cross-site scripting (XSS) vulnerability in Bugsink error tracking software. Unauthenticated attackers who can submit error events to...

This vulnerability allows attackers to inject malicious HTML/JavaScript payloads into ChatterMate chatbot inputs, which are then executed in users' br...

This cross-site scripting (XSS) vulnerability in Microsoft Account allows attackers to inject malicious scripts into web pages viewed by other users. ...

CVE-2026-21855 is a reflected Cross-Site Scripting (XSS) vulnerability in Tarkov Data Manager's toast notification system that allows attackers to exe...

CVE-2026-21430 is a CSRF vulnerability in Emlog's article creation functionality that allows attackers to force users to post malicious articles. When...

Adobe Experience Manager versions 6.5.23 and earlier contain a DOM-based Cross-Site Scripting vulnerability that allows attackers to execute arbitrary...

Adobe Experience Manager versions 6.5.23 and earlier contain a DOM-based Cross-Site Scripting vulnerability that allows attackers to execute arbitrary...

Adobe Experience Manager versions 6.5.23 and earlier contain a DOM-based Cross-Site Scripting vulnerability that allows attackers to execute arbitrary...

Adobe Connect versions 12.9 and earlier contain a DOM-based Cross-Site Scripting vulnerability that allows attackers to execute malicious JavaScript i...

This cross-site scripting (XSS) vulnerability in Azure Monitor allows attackers to inject malicious scripts into web pages, which execute when viewed ...

Leviton AcquiSuite and Energy Monitoring Hub have a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts via URL...

Adobe Connect versions 12.8 and earlier contain a reflected Cross-Site Scripting (XSS) vulnerability where attackers can inject malicious scripts into...

A Cross-Site Scripting (XSS) vulnerability in Beego's RenderForm() function allows attackers to inject malicious JavaScript that executes in victims' ...

CVE-2025-24981 is a cross-site scripting (XSS) vulnerability in the MDC markdown parser that allows attackers to bypass URL filtering by encoding Java...

A stored cross-site scripting vulnerability in PHPJabbers Cinema Booking System v2.0 allows attackers to inject malicious JavaScript through file uplo...

Adobe Connect versions 12.6, 11.4.7 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability where attackers can inject malicious scripts...

This stored Cross-Site Scripting (XSS) vulnerability in Adobe Connect allows attackers to inject malicious JavaScript into vulnerable form fields. Whe...

This is a cross-site scripting (XSS) vulnerability in Microsoft Copilot Studio that allows an unauthorized attacker to inject malicious scripts into w...