| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. |
| Laravel Starter 11.11.0 is vulnerable to Cross Site Scripting (XSS) in the tags feature. Any user with the ability of create or modify tags can inject malicious JavaScript code in the name field. |
| A cross-site scripting (reflected XSS) vulnerability was found in Mettler Toledo FreeWeight.Net Web Reports Viewer 8.4.0 (440). It allows an attacker to inject malicious scripts via the IW_SessionID_ parameter. |
| A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the description parameter. |
| Stored XSS in Discussions in OpenText Content Management CE 20.2 to 25.1 on Windows and Linux allows authenticated malicious users to inject code into the system. |
| The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| MegaRAC Default Credentials Vulnerability |
| A cross-site scripting (XSS) vulnerability in Typecho v1.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into Name parameter under a comment for an Article. |
| Silverpeas Core 6.3 is vulnerable to Cross Site Scripting (XSS) via ClipboardSessionController. |
| A stored cross-site scripting (XSS) vulnerability in the component /pubs/counter.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the code parameter. |
| A stored cross-site scripting (XSS) vulnerability in the component /action/anti.php of ThinkSAAS v3.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the word parameter. |
| Cross Site Scripting vulnerability in jizhicms v.2.5.4 allows a remote attacker to obtain sensitive information via a crafted article publication request. |
| Cross Site Scripting vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the friendship link component. |
| PublicCMS V4.0.202406.d was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted script to the Category Managment feature |
| The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Survey fields in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. |
| ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. |
| Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. |
| Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field. |
| The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. |
