app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.
Cross-Site Request Forgery (CSRF) vulnerability in Austin Comment Validation Reloaded comment-validation-reloaded allows Stored XSS.This issue affects Comment Validation Reloaded: from n/a through <=
Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have).
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
A stored cross-site scripting (XSS) vulnerability in October CMS Bloghub Plugin v1.3.8 and lower allows attackers to execute arbitrary web scripts or HTML via a crafted payload into the Comments secti
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devu Status Updater fb-status-updater allows Reflected XSS.This issue affects Status Updater: from
symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles.
A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
Cross-Site Scripting (XSS) vulnerability exists in Webkul Krayin CRM v2.1.5. The application fails to sanitize user-supplied input in the comment field during Activity creation on the /admin/activitie
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cartpauj User Notes user-notes allows Stored XSS.This issue affects User Notes: from n/a through <
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iamapinan Woocommerce Line Notify woo-line-notify allows Stored XSS.This issue affects Woocommerce
Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unes
A vulnerability, which was classified as problematic, has been found in SourceCodester Complaints Report Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?a
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS.This issue affects Masteriy
PHPGurukul Complaint Management System 2.0 is vulnerble to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LatePoint LatePoint latepoint allows Stored XSS.This issue affects LatePoint: from n/a through <=
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the profile.php file of PHPGurukul Timetable Generator System v1.0. This vulnerability allows remote attackers to execute arbitra
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in siteheart HyperComments comments-with-hypercommentscom allows Reflected XSS.This issue affects Hyp
YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.cla