CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 6/8 • 871 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-07-08
Medium

CVE-2025-5570

The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to insufficient input san…

CVSS: 5.4 CWE: CWE-79
Read more
2025-07-07
Low

CVE-2025-7113

A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Cur…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2025-7112

A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_ins…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2025-7111

A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the compo…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2025-7110

A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module.…

CVSS: 3.5 CWE: CWE-79
Read more
Low

CVE-2025-7109

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_ls…

CVSS: 3.5 CWE: CWE-79
Read more
2025-07-04
Medium

CVE-2025-7066

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME…

CVSS: 6.1 CWE: CWE-79
Read more
2025-07-02
Medium

CVE-2025-20307

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an authenticated, remote attacker to to conduct cross-site scripting (XSS) attacks…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2025-20310

A vulnerability in the web UI of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the inte…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2024-11405

The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including, 2…

CVSS: 6.1 CWE: CWE-79
Read more
2025-07-01
Medium

CVE-2025-6756

The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due t…

CVSS: 6.4 CWE: CWE-79
Read more
2025-06-27
High

CVE-2025-49321

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.

CVSS: 7.1 CWE: CWE-79
Read more
2025-06-26
Medium

CVE-2025-6674

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor5 Youtube allows Cross-Site Scripting (XSS).This issue affects CKEditor5 Youtube:…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-5559

The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'timezonecalculator_output' shortcode in all versions up to, and including, 3.37 due to insuf…

CVSS: 6.4 CWE: CWE-79
Read more
2025-06-24
Medium

CVE-2025-6430

When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making a we…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-47943

Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side Javas…

CVSS: 6.3 CWE: CWE-79
Read more
2025-06-21
Medium

CVE-2025-1987

A Cross-Site Scripting (XSS) vulnerability has been identified in Psono-Client’s handling of vault entries of type website_password and bookmark, as used in Bitdefender SecurePass. The client does no…

CVSS: 6.1 CWE: CWE-79
Read more
2025-06-19
Medium

CVE-2025-5234

The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2025-5490

The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output e…

CVSS: 5.5 CWE: CWE-79
Read more
2025-06-18
Medium

CVE-2025-49590

CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed.…

CVSS: 6.1 CWE: CWE-692
Read more
Medium

CVE-2025-1349

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged us…

CVSS: 5.5 CWE: CWE-79
Read more
Medium

CVE-2024-54183

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to…

CVSS: 5.4 CWE: CWE-79
Read more
2025-06-17
Medium

CVE-2025-49149

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-6050

Mezzanine CMS, in versions prior to 6.1.1, contains a Stored Cross-Site Scripting (XSS) vulnerability in the admin interface. The vulnerability exists in the "displayable_links_js" function, which fa…

CVSS: 4.8 CWE: CWE-79
Read more
2025-06-16
Low

CVE-2025-6131

A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Par…

CVSS: 2.4 CWE: CWE-79
Read more
2025-06-15
High

CVE-2025-5990

An input neutralization vulnerability in the Server Name form and API Key form components of Crafty Controller allows a remote, authenticated attacker to perform stored XSS via malicious form input.

CVSS: 7.6 CWE: CWE-79
Read more
2025-06-13
Medium

CVE-2025-48919

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0…

CVSS: 5.0 CWE: CWE-79
Read more
High

CVE-2025-48918

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS).This issue affects Simple Klaro: from 0.0.0…

CVSS: 8.8 CWE: CWE-79
Read more
2025-06-12
High

CVE-2025-2254

An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snipper viewer functionalit…

CVSS: 8.7 CWE: CWE-79
Read more
2025-06-10
Medium

CVE-2025-47042

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts in…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-47041

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts in…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-47040

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts in…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-47039

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts in…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-46953

Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts in…

CVSS: 5.4 CWE: CWE-79
Read more
High

CVE-2025-47110

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attack…

CVSS: 8.4 CWE: CWE-79
Read more
Medium

CVE-2025-4774

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-countdown attribute of Countdown widget in all versions up to, and including, 4.11.8 du…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2025-4577

The Smash Balloon Social Post Feed – Simple Social Feeds for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-color attribute in all versions up to, and includ…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2025-2918

The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient in…

CVSS: 6.4 CWE: CWE-79
Read more
2025-06-07
Medium

CVE-2025-5568

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output e…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2025-5528

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2024-9994

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_pricing_item_…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2024-9993

The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eael_event_details…

CVSS: 6.4 CWE: CWE-79
Read more
2025-06-06
Medium

CVE-2025-5703

The StageShow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘anchor’ parameter in all versions up to, and including, 10.0.3 due to insufficient input sanitization and outp…

CVSS: 6.4 CWE: CWE-79
Read more
2025-06-05
Medium

CVE-2025-30084

A stored XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized befo…

CVSS: 6.1 CWE: CWE-79
Read more
2025-06-04
Medium

CVE-2025-32015

FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `<iframe srcdoc>` attribute, which leads to cross-site scripting (XSS) by loading an at…

CVSS: 6.7 CWE: CWE-79
Read more
Medium

CVE-2025-22245

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

CVSS: 5.9 CWE: CWE-79
Read more
Medium

CVE-2025-22244

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

CVSS: 6.9 CWE: CWE-79
Read more
High

CVE-2025-22243

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

CVSS: 7.5 CWE: CWE-79
Read more
Medium

CVE-2025-20279

A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To exploit this vulnerab…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2025-20273

A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS…

CVSS: 6.1 CWE: CWE-79
Read more
2025-06-03
Medium

CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/pos…

CVSS: 4.8 CWE: CWE-79
Read more
2025-05-29
Medium

CVE-2025-4670

The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up…

CVSS: 6.4 CWE: CWE-79
Read more
2025-05-27
Medium

CVE-2025-5198

A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script i…

CVSS: 5.0 CWE: CWE-79
Read more
Medium

CVE-2025-4783

The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to, and including, 2.7.9.…

CVSS: 6.4 CWE: CWE-79
Read more
2025-05-22
Medium

CVE-2025-4405

The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and…

CVSS: 4.9 CWE: CWE-79
Read more
High

CVE-2025-4123

A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend…

CVSS: 7.6 CWE: CWE-79
Read more
2025-05-21
Medium

CVE-2025-20267

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a use…

CVSS: 4.8 CWE: CWE-80
Read more
Medium

CVE-2025-20250

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-20247

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-20246

A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-48206

The ns_backup extension through 13.0.0 for TYPO3 allows XSS.

CVSS: 6.1 CWE: CWE-79
Read more
2025-05-19
Medium

CVE-2025-48253

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Free Shipping Bar: Amount Left for Free Shipping for WooCommerce allows Stored XSS. Thi…

CVSS: 6.5 CWE: CWE-79
Read more
2025-05-15
Medium

CVE-2025-1303

The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used agai…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2025-1289

The Plugin Oficial WordPress plugin through 1.7.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attac…

CVSS: 4.8 CWE: CWE-79
Read more
2025-05-14
Medium

CVE-2025-33104

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio…

CVSS: 4.4 CWE: CWE-79
Read more
Medium

CVE-2024-56157

iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can be performed when importing this cont…

CVSS: 6.3 CWE: CWE-79
Read more
2025-05-12
Medium

CVE-2025-41393

Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed…

CVSS: 6.1 CWE: CWE-79
Read more
2025-05-07
Medium

CVE-2025-20147

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scr…

CVSS: 5.4 CWE: CWE-79
Read more
2025-05-03
Medium

CVE-2024-41753

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed…

CVSS: 6.1 CWE: CWE-79
Read more
2025-04-26
Medium

CVE-2025-46654

CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references an uploaded .js file.

CVSS: 4.9 CWE: CWE-424
Read more
2025-04-25
Medium

CVE-2025-2986

IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intend…

CVSS: 5.5 CWE: CWE-79
Read more
2025-04-23
Critical

CVE-2025-2767

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Fir…

CVSS: 9.6 CWE: CWE-79
Read more
2025-04-22
Medium

CVE-2025-2839

The WP Import Export Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpiePreviewData’ function in all versions up to, and including, 3.9.27 due to insufficient input s…

CVSS: 6.4 CWE: CWE-79
Read more
2025-04-15
Medium

CVE-2025-2225

The Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘rael_title_tag' parameter in all…

CVSS: 6.4 CWE: CWE-79
Read more
2025-04-14
Medium

CVE-2022-43850

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2022-43847

IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks ag…

CVSS: 5.4 CWE: CWE-644
Read more
2025-04-13
Medium

CVE-2025-3423

IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intend…

CVSS: 5.4 CWE: CWE-79
Read more
2025-04-10
Medium

CVE-2023-42007

IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-32198

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themefusecom Brizy. This issue affects Brizy: from n/a through 2.6.14.

CVSS: 6.5 CWE: CWE-79
Read more
2025-04-09
Medium

CVE-2023-33844

IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-3100

The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in al…

CVSS: 6.4 CWE: CWE-79
Read more
2025-04-08
Medium

CVE-2025-27205

Adobe Experience Manager Screens versions FP11.3 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious sc…

CVSS: 5.4 CWE: CWE-79
Read more
Low

CVE-2025-22855

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Fortinet FortiClient before 7.4.1 may allow the EMS administrator to send messages co…

CVSS: 2.7 CWE: CWE-79
Read more
Medium

CVE-2025-2808

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Phone Number parameter in all versions up to, and including, 1.4.63…

CVSS: 5.4 CWE: CWE-79
Read more
2025-04-03
Low

CVE-2025-3149

A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shw_war/fileupload of the compo…

CVSS: 2.4 CWE: CWE-79
Read more
2025-04-02
Medium

CVE-2025-20203

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a st…

CVSS: 4.8 CWE: CWE-79
Read more
Medium

CVE-2025-20120

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2024-56475

IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2024-56341

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering t…

CVSS: 5.4 CWE: CWE-79
Read more
2025-04-01
High

CVE-2025-30844

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Watu Quiz allows Reflected XSS. This issue affects Watu Quiz: from n/a through 3.4.2.

CVSS: 7.1 CWE: CWE-79
Read more
2025-03-31
Critical

CVE-2025-30223

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting (XSS) vulnerability exists in Beego's RenderForm() function due to improper HTML escaping…

CVSS: 9.3 CWE: CWE-79
Read more
2025-03-29
Medium

CVE-2024-11180

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and inclu…

CVSS: 6.4 CWE: CWE-79
Read more
2025-03-27
High

CVE-2025-2255

An issue has been discovered in Gitlab EE/CE for AppSec affecting all versions from 13.5.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Certain error messages could allow Cross-Site S…

CVSS: 8.7 CWE: CWE-79
Read more
High

CVE-2025-0811

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site…

CVSS: 8.7 CWE: CWE-79
Read more
Medium

CVE-2025-30907

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SecuPress SecuPress Free allows DOM-Based XSS. This issue affects SecuPress Free: from n/a throug…

CVSS: 6.5 CWE: CWE-79
Read more
Medium

CVE-2025-2685

The TablePress – Tables in WordPress made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘table-name’ parameter in all versions up to, and including, 3.0.4 due to insu…

CVSS: 6.4 CWE: CWE-79
Read more
2025-03-26
Medium

CVE-2025-1439

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient inp…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2025-1437

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient inp…

CVSS: 6.4 CWE: CWE-79
Read more
2025-03-25
Medium

CVE-2024-53679

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of…

CVSS: 5.4 CWE: CWE-79
Read more
2025-03-24
Medium

CVE-2025-2711

A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode le…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2025-2699

A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation…

CVSS: 3.5 CWE: CWE-79
Read more
2025-03-20
Medium

CVE-2025-27888

Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2025-0183

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious script…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2024-9107

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags…

CVSS: 5.4 CWE: CWE-79
Read more
Medium

CVE-2024-8029

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file lin…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2024-8027

A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload malicious knowledge files to the knowledge base, which can trigger XSS attacks during user c…

CVSS: 6.1 CWE: CWE-79
Read more
Critical

CVE-2024-8017

An XSS vulnerability exists in open-webui/open-webui versions <= 0.3.8, specifically in the function that constructs the HTML for tooltips. This vulnerability allows attackers to perform operations w…

CVSS: 9.0 CWE: CWE-79
Read more
High

CVE-2024-7990

A stored cross-site scripting (XSS) vulnerability exists in open-webui/open-webui version 0.3.8. The vulnerability is present in the `/api/v1/models/add` endpoint, where the model description field i…

CVSS: 8.4 CWE: CWE-79
Read more
High

CVE-2024-7044

A Stored Cross-Site Scripting (XSS) vulnerability exists in the chat file upload functionality of open-webui/open-webui version 0.3.8. An attacker can inject malicious content into a file, which, whe…

CVSS: 8.9 CWE: CWE-79
Read more
Medium

CVE-2024-11850

A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown suppo…

CVSS: 5.4 CWE: CWE-79
Read more
High

CVE-2024-11824

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input>…

CVSS: 7.6 CWE: CWE-79
Read more
High

CVE-2024-10819

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session.…

CVSS: 8.8 CWE: CWE-352
Read more
Medium

CVE-2024-10481

A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated ComfyUI users, can perf…

CVSS: 6.5 CWE: CWE-352
Read more
2025-03-17
Medium

CVE-2021-26087

An improper neutralization of input during web page generation in FortiWLC version 8.6.0, version 8.5.3 and below, version 8.4.8 and below, version 8.3.3 web interface may allow both authenticated re…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2019-6697

An Improper Neutralization of Input vulnerability affecting FortiGate version 6.2.0 through 6.2.1, 6.0.0 through 6.0.6 in the hostname parameter of a DHCP packet under DHCP monitor page may allow an…

CVSS: 5.3 CWE: CWE-79
Read more
Medium

CVE-2019-15706

An improper neutralization of input during web page generation in the SSL VPN portal of FortiProxy version 2.0.0, version 1.2.9 and below and FortiOS version 6.2.1 and below, version 6.0.8 and below,…

CVSS: 4.1 CWE: CWE-79
Read more
2025-03-14
High

CVE-2024-26006

An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.…

CVSS: 7.5 CWE: CWE-79
Read more
2025-03-12
Medium

CVE-2025-27867

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix HTTP Webconsole Plugin. This issue affects Apache Felix HTTP Webconsole Plugin: fro…

CVSS: 5.6 CWE: CWE-79
Read more
2025-03-11
High

CVE-2023-37933

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC GUI version 7.4.0, 7.2.0 through 7.2.1 and before 7.1.3 allows an authentica…

CVSS: 8.8 CWE: CWE-79
Read more
2025-03-03
Medium

CVE-2024-54179

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability…

CVSS: 5.4 CWE: CWE-79
Read more