A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parame
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code
A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execu
Projectsend r1295 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input in the 'name' parameter of files-edit
OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the p
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
A Reflected Cross Site Scripting (XSS) vulnerability was found in '/search' in Phoenix Site CMS from Phoenix, which allows remote attackers to execute arbitrary code via 's' GET parameter.
The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Additional Parameters in all versions up to, and including, 7.7.3 due to insufficient input sanitization
Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser.
The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and o
A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's brows
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can
Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show,
A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the"/embedai/users/show/
The Valuation Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.3.2 due to insufficient input sanitization a
A stored cross-site scripting (XSS) vulnerability in the New Goal Creation section of Volmarg Personal Management System v1.4.65 allows authenticated attackers to execute arbitrary web scripts or HTML
A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.