| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the title when adding a page. |
| A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0. |
| Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. |
| Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. |
| A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi |
| PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to obtain user cookie data. |
| MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to multiple reflected and stored XSS. An attacker has to inject JavaScript code directly in the "path" or "Services+ID" parameters and send the URL to a user in order to exploit reflected XSS. In the case of stored XSS, an attacker must modify the "name" parameter with the malicious code. |
| A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. |
| A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. |
| Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system. |
| In WEMS Limited Enterprise Manager 2.58, input passed to the GET parameter 'email' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. |
| HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (XSS). XSS vulnerabilities occur when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. |
| File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. |
| A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. |
| A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. |
| Cross Site Scripting vulnerabiity exists in WDScanner 1.1 in the system management page. |
| Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.' |
| In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter. |
| Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp. |
