CWE-79: Cross-site Scripting (XSS)

This vulnerability in Google Chrome's navigation implementation allows attackers to escalate privileges through a crafted HTML page. It affects users ...

CVE-2024-9188 is a cross-site scripting vulnerability in Arista products that allows attackers to inject malicious scripts via specially crafted queri...

MonicaHQ v4.1.2 contains authenticated client-side injection vulnerabilities in the title and description parameters of the reminders creation feature...

This Cross-Site Scripting (XSS) vulnerability in LinZhaoguan pb-cms v2.0 allows remote attackers to inject malicious scripts via the theme management ...

This stored XSS vulnerability in Grocy's edit profile function allows attackers to upload malicious HTML or SVG files that execute arbitrary JavaScrip...

CVE-2024-47093 is a cross-site scripting (XSS) vulnerability in Nagvis versions before 1.9.42 due to improper input sanitization. Attackers can inject...

CVE-2024-51492 is a cross-site scripting (XSS) vulnerability in Zusam self-hosted forum software that allows attackers to execute arbitrary JavaScript...

A Cross-Site Request Forgery (CSRF) vulnerability in Microchip TimeProvider 4100 allows attackers to trick authenticated users into performing uninten...

CVE-2024-38308 is a cross-site scripting (XSS) vulnerability in Advantech ADAM 5550's web application logs page that allows attackers to inject malici...

This is a reflected cross-site scripting (XSS) vulnerability in Forcepoint Email Security's Real Time Monitor modules. Attackers can inject malicious ...

CVE-2024-31199 is a persistent cross-site scripting (XSS) vulnerability that allows attackers to inject malicious JavaScript code into web pages. This...

CVE-2024-41808 is a cross-site scripting (XSS) vulnerability in OpenObserve's dashboard filter selection menu that allows complete account takeover. A...

This vulnerability in Chrome's V8 JavaScript engine allows attackers to corrupt memory objects through specially crafted HTML pages, potentially leadi...

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions by visiting malici...

Hush Line versions before 0.1.0 contain a stored cross-site scripting (XSS) vulnerability in the Inbox functionality. Attackers can inject malicious s...

This is a cross-site scripting (XSS) vulnerability in Hitachi Vantara Pentaho Business Analytics Server that allows attackers to inject malicious cont...

CVE-2024-34058 is a stored cross-site scripting (XSS) vulnerability in the WebTop package for NethServer 7 and 8. It allows attackers to inject malici...

This vulnerability in Visualware MyConnection Server allows remote attackers to bypass authentication via cross-site scripting (XSS) in the doRTAAcces...

This Cross-Site Scripting (XSS) vulnerability in iTop allows attackers to inject malicious scripts into the user's personal tokens display/edit interf...

This is a cross-site scripting (XSS) vulnerability in Xibo Digital Signage platform where unsanitized request headers allow attackers to inject malici...

DedeCMS v5.7 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /dede/stepselect_main.php endpoint. This allows attackers to trick auth...

This DOM-based cross-site scripting vulnerability in JFrog Artifactory allows attackers to inject malicious scripts that execute in users' browsers wh...

The Jenkins iceScrum Plugin 1.1.6 and earlier contains a stored cross-site scripting (XSS) vulnerability where iceScrum project URLs displayed on buil...

This is a cross-site scripting (XSS) vulnerability in Juniper Networks' J-Web interface for SRX and EX Series devices running Junos OS. An attacker ca...

This vulnerability allows attackers to inject malicious scripts into the QStar Archive Solutions web interface via the qnme-ajax?method=tree_level com...

This vulnerability allows attackers to inject malicious JavaScript or HTML into the web interface of Genie Aladdin Connect garage door openers when th...

This DOM-based XSS vulnerability in Palo Alto Networks PAN-OS allows attackers to execute malicious JavaScript in an administrator's browser by tricki...

This CVE describes a cross-site scripting (XSS) vulnerability in iTop's preferences.php page that allows attackers to inject malicious scripts into we...

This Cross-site Scripting (XSS) vulnerability in Home Assistant allows attackers to execute arbitrary JavaScript on the administration page by exploit...

This is a cross-site scripting (XSS) vulnerability in Plesk control panel versions 17.0 through 18.0.31. A malicious subscription owner can inject scr...

StarTrinity Softswitch version 2023-02-16 contains multiple reflected cross-site scripting (XSS) vulnerabilities that allow attackers to inject malici...

This is a cross-site scripting (XSS) vulnerability in PTC Codebeamer that allows attackers to inject and execute arbitrary JavaScript code in admin us...

CVE-2023-33159 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web...

A reflected cross-site scripting (XSS) vulnerability in Siemens RUGGEDCOM ROX devices allows attackers to execute malicious JavaScript by tricking use...

This stored cross-site scripting vulnerability in ArubaOS web management interface allows unauthenticated attackers to inject malicious scripts that e...

A Cross-Site Request Forgery vulnerability in POS Codekop v2.0 allows attackers to trick authenticated users into performing unintended actions, poten...

This is a cross-site scripting (XSS) vulnerability in XWiki Platform that allows attackers to inject malicious JavaScript via specially crafted URLs. ...

MonicaHQ 4.0.0 contains a client-side template injection (CSTI) vulnerability in the settings endpoint's first_name parameter that allows authenticate...

This vulnerability allows unauthenticated attackers to execute cross-site scripting (XSS) attacks against Fortinet FortiOS and FortiProxy devices via ...

This vulnerability allows unauthenticated remote attackers to perform reflected cross-site scripting (XSS) attacks against FortiWeb web interfaces by ...

CVE-2022-2140 is a cross-site scripting (XSS) vulnerability in Elcomplus SmartICS v2.3.4.0 that allows authenticated users to inject malicious scripts...

This vulnerability allows attackers to execute arbitrary JavaScript in Directus by uploading HTML and JS files and embedding them in rich text fields....

This CVE describes a Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack that allows attackers to inject malicious scripts into web ...

This is a stored cross-site scripting (XSS) vulnerability in SmarterTools SmarterTrack customer service software. Attackers can inject malicious scrip...

This DOM-based cross-site scripting (XSS) vulnerability in BIG-IP DNS & GTM Configuration utility allows attackers to execute malicious JavaScript in ...

CVE-2021-44726 is a DOM-based cross-site scripting (XSS) vulnerability in KNIME Server's old WebPortal login page. It allows attackers to inject malic...

This vulnerability in hostel management system 2.1 allows attackers to perform Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attack...

This vulnerability in the St-Daily-Tip WordPress plugin allows attackers to trick logged-in administrators into saving malicious JavaScript code in th...

This vulnerability allows attackers to inject malicious scripts via the help page of InHand Networks IR615 routers, which are then executed in victims...

This vulnerability in the Blue Admin WordPress plugin allows attackers to inject malicious scripts into the 'Logo Title' setting, which then executes ...