CWE-79: Cross-site Scripting (XSS)

This vulnerability allows attackers to inject malicious scripts via the help page of InHand Networks IR615 routers, which are then executed in victims...

This vulnerability in the Blue Admin WordPress plugin allows attackers to inject malicious scripts into the 'Logo Title' setting, which then executes ...

This is a cross-site scripting (XSS) vulnerability in LedgerSMB that allows attackers to inject malicious HTML fragments into the DOM. When exploited,...

This vulnerability in the Contact Form 7 Captcha WordPress plugin allows attackers to change plugin settings without user consent via CSRF attacks, an...

This vulnerability allows remote attackers to inject malicious HTML code into IBM Cognos Analytics. When authenticated users view the compromised cont...

This is a cross-site scripting (XSS) vulnerability in WAGO managed switches that allows attackers to inject malicious code into the web-based manageme...

This is a cross-site scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web interface that allows an attacker to hijack another user's activ...

This vulnerability allows authenticated attackers to upload malicious SVG files and create hotlinks that execute stored cross-site scripting (XSS) att...

This stored XSS vulnerability in Gogs allows authenticated users to inject malicious JavaScript via data: URIs in comments and issue descriptions. The...

A stored cross-site scripting vulnerability in OpenEMR's GAD-7 anxiety assessment form allows authenticated clinicians to inject malicious JavaScript....

Authenticated users in Traccar GPS tracking system can upload malicious SVG files containing JavaScript, which executes in other users' browsers when ...

A stored cross-site scripting (XSS) vulnerability in Statmatic CMS allows authenticated users with content creation permissions to inject malicious Ja...

Authenticated students can inject malicious JavaScript into uploaded assignment files in Open eClass platform. When instructors view these submissions...

OpenProject versions 16.3.0 through 16.6.4 have a stored cross-site scripting vulnerability in the Roadmap view that allows attackers to inject malici...

This is a stored cross-site scripting (XSS) vulnerability in ConnectWise PSA's Time Entry Audit Trail feature. Attackers can inject malicious scripts ...

LaSuite Doc versions 3.8.0 to 4.3.0 contain a stored XSS vulnerability in the Interlinking feature. Attackers with document editing privileges can inj...

This vulnerability allows an authenticated user to inject malicious scripts into GitLab's Markdown rendering, which then executes in other users' brow...

This stored cross-site scripting (XSS) vulnerability in phpgurukul Hostel Management System v2.1 allows attackers to inject malicious scripts into com...

A stored XSS vulnerability in TrueConf Server v5.5.2.10813 allows attackers to inject malicious scripts via the meeting location field. When users vie...

This vulnerability allows authenticated GitLab users to perform unauthorized actions on behalf of other users by creating wiki pages with malicious co...

A reflected Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into web ...

A stored cross-site scripting (XSS) vulnerability in Open WebUI allows authenticated users to upload malicious Markdown files containing SVG tags that...

A stored XSS vulnerability in DELMIA Service Process Engineer allows attackers to inject malicious scripts into Service Items Management pages. When u...

A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Product Manager allows attackers to inject malicious scripts that execute in users' browse...

This cross-site scripting (XSS) vulnerability in Dynamics 365 Field Service allows authenticated attackers to inject malicious scripts into web pages....

This cross-site scripting (XSS) vulnerability in Dynamics 365 Field Service allows authenticated attackers to inject malicious scripts into web pages....

Open WebUI versions 0.6.34 and below contain a DOM-based cross-site scripting (XSS) vulnerability in the custom prompt insertion feature. When 'Insert...

This cross-site scripting vulnerability in UltimatePOS 4.8 allows authenticated attackers to inject malicious JavaScript into the admin log panel. Whe...

A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows attackers to inject malicious scripts into issue m...

A stored Cross-site Scripting (XSS) vulnerability in 3DSwym within 3DSwymer on Release 3DEXPERIENCE R2025x allows attackers to inject malicious script...

This vulnerability in Kibana allows attackers to inject malicious scripts into web pages through improper input neutralization, leading to stored cros...

This is a cross-site scripting (XSS) vulnerability in GitLab that allows attackers to inject malicious content, potentially leading to account takeove...

A stored cross-site scripting vulnerability in Autodesk Fusion allows malicious HTML payloads to execute arbitrary code when rendered by the applicati...

This stored cross-site scripting (XSS) vulnerability in JetBrains YouTrack allows attackers to inject malicious scripts into Mermaid diagram content t...

A stored Cross-Site Scripting (XSS) vulnerability in n8n's Form Trigger node allows authenticated attackers to inject malicious HTML/JavaScript. This ...

This vulnerability in GitLab allows attackers to inject malicious scripts that execute in users' browsers when viewing specially crafted content, lead...

This CVE describes a cross-site scripting (XSS) vulnerability in GitLab that allows attackers to inject malicious content. Under certain conditions, s...

This vulnerability in GitLab EE allows attackers to execute malicious JavaScript in users' browsers through cross-site scripting (XSS) attacks while b...

This vulnerability allows attackers to execute arbitrary JavaScript code in users' browsers through GitLab's snippet viewer functionality. It affects ...

A stored Cross-site Scripting (XSS) vulnerability in Dassault Systèmes 3DEXPERIENCE Project Portfolio Manager allows attackers to inject malicious sc...

A stored Cross-site Scripting (XSS) vulnerability in Dassault Systèmes' 3DEXPERIENCE platform allows attackers to inject malicious scripts into Resul...

A stored Cross-site Scripting (XSS) vulnerability in Dassault Systèmes 3DEXPERIENCE Product Manager's Change Governance component allows attackers to...

A stored Cross-site Scripting (XSS) vulnerability in Service Items Management within Service Process Engineer allows attackers to inject malicious scr...

A stored Cross-site Scripting (XSS) vulnerability in City Referential Manager on 3DEXPERIENCE R2025x allows attackers to inject malicious scripts that...

A stored Cross-site Scripting (XSS) vulnerability in the Compare feature of Collaborative Industry Innovator within 3DEXPERIENCE allows attackers to i...

This vulnerability in GitLab EE allows attackers to execute malicious scripts in users' browsers by bypassing Content Security Policy protections. It ...

This cross-site scripting vulnerability in GitLab allows attackers to inject malicious scripts through improperly rendered file types. When exploited,...

This vulnerability allows Cross-Site Scripting (XSS) attacks through error messages in GitLab's AppSec feature. Attackers can inject malicious scripts...

A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Product Engineering Specialist allows attackers to inject malicious scripts that execute i...

A stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator's 3D Markup feature allows attackers to inject malicious ...