Cross-Site Scripting

This CVE describes a reflected cross-site scripting (XSS) vulnerability in AKCE Software's SKSPro product. Attackers can inject malicious scripts into...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into pages using the Happy...

The Mail Mint WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to 1.19.2, allowing unauthenticated attackers to ...

This stored XSS vulnerability in the LatePoint WordPress plugin allows unauthenticated attackers to inject malicious scripts into customer profile fie...

The Form Maker WordPress plugin has a stored XSS vulnerability in versions up to 1.15.35. Unauthenticated attackers can inject malicious JavaScript in...

The Form Maker by 10Web WordPress plugin allows unauthenticated attackers to upload malicious SVG files containing JavaScript code due to weak file ex...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into web pages via the Bor...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's jQueryMsg JavaScript library that allows attackers to inject malicious scripts into ...

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's page preview JavaScript component. Attackers can inject malicious scripts...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia VisualEditor's clipboard handling component. It allows attackers to inject ...

This is a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's Vector skin that allows attackers to inject malicious scripts into web pa...

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's CommentFormatter/CommentParser.php that allows attackers to inject malici...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's ApiSandboxLayout.js file that allows attackers to inject malicious scripts into web ...

This vulnerability in MediaWiki and its Cite extension allows attackers to inject malicious content through parser functions. It affects all MediaWiki...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's CheckUser extension. Attackers can inject malicious scripts in...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's VisualEditor component. Attackers can inject malicious scripts...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's CodexTablePager component that allows attackers to inject malicious scripts into web...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's CheckUser extension. It allows attackers to inject malicious s...

This is a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's CheckUser extension that allows attackers to inject malicious scripts int...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's JavaScript language module that allows attackers to inject malicious scripts into we...

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's HTML form components that allows attackers to inject malicious scripts in...

This CVE describes a cross-site scripting (XSS) vulnerability in MediaWiki's WatchlistTopSectionWidget.js component. It allows attackers to inject mal...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's HTMLButtonField.php that allows attackers to inject malicious scripts into web pages...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's edit preview functionality. Attackers can inject malicious scripts that execute in u...

This is a cross-site scripting (XSS) vulnerability in MediaWiki and Parsoid that allows attackers to inject malicious scripts into web pages. It affec...

This is a cross-site scripting (XSS) vulnerability in MediaWiki's RclToOrFromWidget.js component that allows attackers to inject malicious scripts int...

A stored cross-site scripting (XSS) vulnerability exists in Talishar's in-game chat system where the playerID parameter in SubmitChat.php is saved wit...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled input to specific ...

This reflected XSS vulnerability in FacturaScripts allows attackers to inject malicious scripts into error messages that get executed in users' browse...

A stored XSS vulnerability in FacturaScripts allows attackers to inject malicious JavaScript into the Observations field, which executes when administ...

This XSS vulnerability in MediaWiki's ApiSandbox.js allows attackers to inject malicious scripts into web pages viewed by other users. It affects Medi...

This CVE describes a cross-site scripting (XSS) vulnerability in Wikimedia Foundation's MultimediaViewer component. Attackers can inject malicious scr...

This is a cross-site scripting (XSS) vulnerability in Wikimedia's Vector skin that allows attackers to inject malicious scripts into web pages. It aff...

Multiple reflected cross-site scripting (XSS) vulnerabilities in Subrion CMS v4.2.1 installation module allow attackers to inject malicious JavaScript...

A stored cross-site scripting vulnerability in Tendenci CMS allows attackers to inject malicious scripts into the Jobs module. When users view affecte...

A stored cross-site scripting (XSS) vulnerability in Tendenci CMS v15.3.7 allows attackers to inject malicious scripts into forum posts that execute w...

A cross-site scripting vulnerability in the email function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary user...

A cross-site scripting vulnerability in the Message function of Cybozu Garoon allows attackers to inject malicious scripts that can reset arbitrary us...

The Library Viewer WordPress plugin before version 3.2.0 contains a reflected cross-site scripting (XSS) vulnerability where unsanitized parameters ar...

This CVE describes a cross-site scripting (XSS) vulnerability in D-Link DSL-6641K routers running firmware version N8.TR069.20131126. Attackers can in...

QWE DL 2.0.1 mobile web application has a persistent cross-site scripting (XSS) vulnerability in path parameters that allows attackers to inject malic...

Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting (XSS) vulnerability in the name parameter. Attackers can inject malicious scr...

BootCommerce 3.2.1 contains persistent cross-site scripting (XSS) vulnerabilities in guest order checkout input fields. Attackers can inject malicious...

CVE-2022-50942 is a client-side cross-site scripting vulnerability in Icinga Web 2.8.2 that allows attackers to inject malicious scripts through the i...

WiFi File Transfer 1.0.8 has a persistent cross-site scripting vulnerability where attackers can inject malicious JavaScript through file and folder n...

Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the profile name input field. Attackers can i...

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious scri...

Simple CMS 2.1 contains a reflected cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can craft malicious URLs cont...

WebMO Job Manager 20.0 contains a reflected cross-site scripting vulnerability in search parameters that allows attackers to inject malicious JavaScri...