A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Cross Site Scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php
A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the argument pat
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html c
Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives
A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parame
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perfor
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields.
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
A stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to exe
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post
Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field.
Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function.
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to san
Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mod
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser