CWE-79: Cross-site Scripting (XSS)

This reflected cross-site scripting (XSS) vulnerability in Liferay Portal and DXP allows remote attackers to inject malicious scripts into the 'Blocke...

This stored cross-site scripting (XSS) vulnerability in Liferay's Expando module allows authenticated attackers to inject malicious scripts into geolo...

Ghost CMS versions up to 5.76.0 contain a stored cross-site scripting (XSS) vulnerability in SVG profile picture uploads. A contributor-level attacker...

A cross-site scripting vulnerability in WWBN AVideo's channelBody.php allows attackers to inject malicious JavaScript via user name input. When exploi...

This vulnerability in Stud.IP learning management system allows attackers to upload malicious files through cross-site scripting (XSS) due to insuffic...

This vulnerability allows any authenticated ILIAS user to execute arbitrary operating system commands when a privileged administrator account interact...

This is a stored cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious scripts into error messages when...

This is a stored cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers with user accounts to inject malicious JavaScript in...

This stored XSS vulnerability in Liferay Portal/DXP allows attackers to inject malicious scripts into wiki pages through the content field. When other...

A stored cross-site scripting (XSS) vulnerability in Liferay Portal and DXP allows attackers to inject malicious scripts into page names. When users v...

This stored cross-site scripting (XSS) vulnerability in Liferay Portal/DXP allows attackers to inject malicious scripts into vocabulary descriptions. ...

This is a Cross-Site Scripting (XSS) vulnerability in BuddyBoss platform version 2.2.9 that allows authenticated users with basic privileges to inject...

This cross-site scripting (XSS) vulnerability in FileBrowser allows authenticated attackers to escalate privileges to Administrator by tricking users ...

This stored XSS vulnerability in XWiki Platform allows any registered user to inject malicious JavaScript into their time zone preference, which execu...

This stored cross-site scripting (XSS) vulnerability in Advantech EKI-1524, EKI-1522, and EKI-1521 devices allows authenticated attackers to inject ma...

This Cross-Site Scripting (XSS) vulnerability in Xoops CMS allows remote attackers to inject malicious scripts via the category name field in the imag...

This CVE describes a Cross-Site Scripting (XSS) vulnerability in the textMessage field of the LoginServlet.java file in wliang6 ChatEngine. Attackers ...

This vulnerability allows any user with edit rights in XWiki Platform to edit all pages in the CKEditor space, enabling harmful actions like deleting ...

This stored cross-site scripting (XSS) vulnerability in XWiki Platform allows users with edit rights to inject malicious scripts into wiki pages. When...

This stored cross-site scripting (XSS) vulnerability in XWiki Platform allows users with document editing permissions to inject malicious HTML code. W...

This vulnerability allows attackers to inject malicious scripts into the Danfoss AK-EM100 web applications, which are then reflected back to users' br...

This vulnerability allows attackers to inject malicious scripts into the title parameter of Danfoss AK-EM100 web applications, which are then reflecte...

This stored cross-site scripting (XSS) vulnerability in TeamPass allows attackers to inject malicious scripts into the application, which are then exe...

This vulnerability allows attackers to inject malicious JavaScript into the Device ID field in Comcast's microeisbss inventory management system. When...

This vulnerability allows remote attackers to inject malicious JavaScript code via the 'from' parameter in the edit user form of the eScan management ...

A stored cross-site scripting (XSS) vulnerability in jellyfin-web allows attackers to make arbitrary REST API calls with admin privileges. When combin...

This vulnerability allows cross-site scripting (XSS) via invalid HTML comments in XWiki's restricted HTML cleaner mode. When exploited, it enables Jav...

This vulnerability allows cross-site scripting (XSS) attacks in XWiki Commons' HTML cleaner restricted mode, which insufficiently filtered dangerous H...

This is a cross-site scripting (XSS) vulnerability in the Wyomind Help Desk Magento 2 extension that allows attackers to inject malicious scripts into...

This stored cross-site scripting (XSS) vulnerability in the Answer software allows attackers to inject malicious scripts that execute in users' browse...

This stored cross-site scripting (XSS) vulnerability in the Answer software allows attackers to inject malicious scripts that execute when other users...

This CVE describes a cross-site scripting (XSS) vulnerability in HP Deskjet 2540 series printers that allows authenticated attackers to inject malicio...

CVE-2022-31035 is a cross-site scripting (XSS) vulnerability in Argo CD that allows attackers to inject malicious JavaScript links into the UI. When c...

CVE-2021-43932 is a cross-site scripting (XSS) vulnerability in Elcomplus SmartPTT SCADA software where attackers can inject malicious JavaScript into...

Turtlapp Turtle Note v0.7.2.6 has an HTML injection vulnerability where attackers can inject malicious <meta> tags during markdown parsing. This allow...

CVE-2022-28464 is a cross-site scripting (XSS) vulnerability in Apifox API development platform versions through 2.1.6 that allows attackers to inject...

This stored cross-site scripting (XSS) vulnerability in Organizr allows attackers to inject malicious scripts via filenames, which are then executed i...

A stored XSS vulnerability in REDCap's Missing Data Codes functionality allows attackers to inject malicious JavaScript that executes in users' browse...

CVE-2022-24123 is a critical vulnerability in MarkText that allows remote code execution through malicious markdown files. Attackers can craft .md fil...

CVE-2021-3985 is a cross-site scripting (XSS) vulnerability in Kimai2 time-tracking software that allows attackers to inject malicious scripts into we...

This CVE describes stored and reflected XSS vulnerabilities in TIBCO PartnerExpress that allow low-privileged attackers to inject malicious scripts. W...

This stored cross-site scripting (XSS) vulnerability in the Simple Download Monitor WordPress plugin allows users with Contributor role or higher to i...

This CVE describes stored and reflected cross-site scripting (XSS) vulnerabilities in TIBCO WebFOCUS components that allow low-privileged attackers to...

Dolibarr ERP CRM versions 2.8.1 to 13.0.2 contain a stored cross-site scripting (XSS) vulnerability in the WYSIWYG Editor module's Private Note field....

CVE-2020-27832 is a persistent cross-site scripting (XSS) vulnerability in Red Hat Quay that allows attackers to inject malicious scripts into reposit...

CVE-2020-35128 is a stored cross-site scripting (XSS) vulnerability in Mautic that allows attackers with company management permissions to inject mali...

This stored cross-site scripting (XSS) vulnerability in QNAP File Station allows remote attackers to inject malicious scripts that execute when users ...

This stored Cross-Site Scripting (XSS) vulnerability in Adobe Experience Manager allows attackers to inject malicious JavaScript into vulnerable form ...

This cross-site scripting (XSS) vulnerability in LiquidFiles allows attackers to execute malicious scripts when users access specially crafted HTML at...

This stored cross-site scripting (XSS) vulnerability in SolarWinds Orion Platform allows attackers to inject malicious scripts into multiple forms and...