CWE-79: Cross-site Scripting (XSS)
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page served to other users.
All Cross-site Scripting (XSS) CVEs (8,795)
This is a cross-site scripting (XSS) vulnerability in Microsoft Copilot Studio that allows an unauthorized attacker to inject malicious scripts into w... (Nov 26, 2024)
This is a spoofing vulnerability in Azure Stack Hub that allows attackers to inject malicious content into web applications, potentially tricking user... (Aug 13, 2024)
A Cross-Site Scripting vulnerability in Roundcube webmail allows attackers to steal and send victims' emails via malicious email attachments with dang... (Aug 5, 2024)
A cross-site scripting (XSS) vulnerability in Sharp Energy Management Controller with Cloud Services allows network-adjacent unauthenticated attackers... (Feb 14, 2024)
Central Dogma versions before 0.64.1 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pag... (Feb 2, 2024)
A reflected XSS vulnerability in Piwigo's admin interface allows attackers to inject malicious JavaScript via crafted URLs. Only authenticated adminis... (Oct 9, 2023)
This vulnerability in CleverTap Cordova Plugin allows remote attackers to execute arbitrary JavaScript code in applications that open specially crafte... (Jul 15, 2023)
This vulnerability allows attackers to inject arbitrary HTML into Mastodon oEmbed preview cards by bypassing HTML sanitization. When users click on ma... (Jul 6, 2023)
This reflected cross-site scripting (XSS) vulnerability in LAquis SCADA allows attackers to inject malicious scripts via error messages when requestin... (May 25, 2022)
This vulnerability allows attackers to inject malicious JavaScript into CSV files exported from Combodo iTop. When users open these CSV files, the Jav... (Apr 21, 2022)
The WPO365 | LOGIN WordPress plugin (versions up to 15.3) has a stored XSS vulnerability where anonymous users can inject malicious scripts. When a Wo... (Nov 19, 2021)
This vulnerability in mapfish-print allows attackers to exploit JSONP support to execute cross-site scripting (XSS) attacks. Users of mapfish-print ve... (Oct 2, 2020)
This vulnerability allows attackers to inject malicious scripts into DNN module titles, which execute in users' browsers when viewing affected pages. ... (Jan 28, 2026)
This is a reflected cross-site scripting (XSS) vulnerability in WeGIA web management software that allows unauthenticated attackers to inject maliciou... (Jan 16, 2026)
Nagios XI versions before 2024R1 have an API key generation vulnerability where attackers can generate identical API keys for all users. This allows a... (Oct 14, 2024)
This vulnerability in The Events Calendar WordPress plugin allows attackers to inject malicious scripts into web pages viewed by other users. It affec... (Jun 4, 2024)
This SQL injection vulnerability in School Task Manager v1.0 allows remote attackers to execute arbitrary SQL commands via the delete-task.php compone... (May 14, 2024)
CVE-2023-49785 is a server-side request forgery (SSRF) and cross-site scripting (XSS) vulnerability in NextChat (ChatGPT-Next-Web) that allows attacke... (Mar 12, 2024)
This stored Cross-Site Scripting (XSS) vulnerability in Adobe Commerce allows an authenticated admin attacker to inject malicious JavaScript into admi... (Feb 15, 2024)
This cross-site scripting (XSS) vulnerability in Secomea SiteManager's web GUI allows authenticated users to inject malicious scripts. When exploited,... (May 4, 2022)
A stored cross-site scripting (XSS) vulnerability in Chamilo LMS allows low-privileged users (like trainers) to inject malicious JavaScript into cours... (Mar 6, 2026)
This vulnerability allows low-privilege users in Chamilo LMS to upload malicious files containing stored XSS payloads through the Social Networks feat... (Mar 5, 2026)
A stored cross-site scripting (XSS) vulnerability in RustFS Console allows attackers to inject malicious JavaScript that executes when administrators ... (Feb 25, 2026)
Axigen Mail Server versions before 10.5.57 contain multiple stored XSS vulnerabilities in the WebAdmin interface. Attackers can inject malicious JavaS... (Feb 5, 2026)
Authenticated users can upload malicious SVG files containing JavaScript in NocoDB versions before 0.301.0. When other users view these attachments, t... (Jan 28, 2026)
A stored cross-site scripting vulnerability in Altium Forum allows authenticated attackers to inject malicious JavaScript into forum posts. When other... (Jan 15, 2026)
This vulnerability allows attackers to upload malicious SVG avatar images containing JavaScript payloads in ERPNext and Frappe Framework. When an admi... (Dec 3, 2025)
This vulnerability allows an attacker to inject malicious content into the Emby Server admin dashboard by manipulating the X-Emby-Client header during... (Nov 18, 2025)
ClipBucket v5 versions 5.5.2-#156 and below contain a stored cross-site scripting (XSS) vulnerability in the photo collection name field. Authenticate... (Nov 7, 2025)
This stored XSS vulnerability in Juniper Networks Junos Space allows attackers to inject malicious scripts into web pages that execute with administra... (Oct 9, 2025)
CVE-2025-56795 is a stored cross-site scripting vulnerability in Mealie recipe management software. Attackers can inject malicious scripts into recipe... (Sep 29, 2025)
This vulnerability in DNN's Prompt module allows attackers to execute arbitrary scripts through malicious input, leading to cross-site scripting (XSS)... (Sep 23, 2025)
A stored cross-site scripting (XSS) vulnerability in NamelessMC's dashboard text editor allows authenticated attackers to inject malicious scripts tha... (Aug 18, 2025)
This vulnerability in XWiki Rendering allows cross-site scripting (XSS) attacks through raw HTML blocks in the XHTML syntax. Users who can edit docume... (Jul 14, 2025)
This vulnerability allows attackers to perform cross-site scripting (XSS) attacks in Argo CD's repository page. Attackers with repository edit permiss... (May 29, 2025)
This vulnerability in Halo website building software allows attackers to bypass file upload validation controls. Attackers can upload malicious files ... (Apr 25, 2025)
A cross-site scripting (XSS) vulnerability in open-webui versions up to 0.3.8 allows attackers to inject malicious scripts into tooltips. When exploit... (Mar 20, 2025)
This vulnerability allows an attacker with a user-level account to perform a session fixation attack in open-webui/open-webui version 0.3.8. By embedd... (Mar 20, 2025)
A cross-site scripting vulnerability in ClearML Enterprise Server's dataset upload functionality allows attackers to inject malicious HTML/JavaScript ... (Feb 6, 2025)
This CVE describes a cross-site scripting (XSS) vulnerability in Dolibarr's Events/Agenda module that allows attackers to inject malicious scripts int... (Jan 27, 2025)
This vulnerability allows cross-site scripting (XSS) attacks in Discourse AI plugin when HTML entities from shared bot conversations leak into Discour... (Jan 14, 2025)
This vulnerability in Lollms v9.9 allows attackers to upload malicious SVG files that bypass incomplete sanitization, leading to cross-site scripting ... (Oct 29, 2024)
A stored cross-site scripting (XSS) vulnerability in MindsDB allows attackers to inject malicious JavaScript into ML Engine, database, project, or dat... (Sep 12, 2024)
CVE-2024-42366 is a critical vulnerability in VRCX, a companion application for VRChat, that allows remote command execution through a combination of ... (Aug 8, 2024)
This is a cross-site scripting (XSS) vulnerability in Cybozu Garoon that allows authenticated administrators to inject malicious scripts into web page... (Jun 11, 2024)
This is a cross-site scripting (XSS) vulnerability in Inductive Automation Ignition's OPC UA Quick Client web interface that allows remote code execut... (May 3, 2024)
CVE-2024-2692 is a Server-Side Cross-Site Scripting (XSS) vulnerability in SiYuan note-taking software version 3.0.3 that allows attackers to execute ... (Apr 4, 2024)
This stored XSS vulnerability allows authenticated attackers to inject malicious scripts into document titles in Liferay's Document and Media widget. ... (Feb 21, 2024)
This CVE describes multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal and DXP. Authenticated attackers can inject malicious ... (Feb 21, 2024)
This reflected cross-site scripting (XSS) vulnerability in Liferay Portal and DXP allows remote attackers to inject malicious scripts into the 'Blocke... (Feb 21, 2024)
About Cross-site Scripting (XSS) (CWE-79)
Our database tracks 8,795 CVEs classified as CWE-79, with 254 rated critical and 2,324 rated high severity. The average CVSS score for Cross-site Scripting (XSS) vulnerabilities is 6.4.
External reference: View CWE-79 on MITRE CWE →