Vulnerabilidades CVE

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, ...

An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injec...

User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script in the...

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in radiomobile_front.php via the stationid query parameter. When an authenticated administrator views a crafted U...

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user registration workflow (index.php submitting to admin/user_action.php). User-supplied fields such as Firs...

SVXportal version 2.5 and prior contain a stored cross-site scripting vulnerability in the user profile update workflow (user_settings.php submitting to admin/update_user.php). Authenticated users can...

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its ...

Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URL...

HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit.

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. When an attacker inserts an invalid host header, use...

Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypa...

The [CR]Paid Link Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 0.5 due to insufficient input sanitization and out...

LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This...

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple param...

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to...

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting commen...

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of c...

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS.  The vulnerability could lead to Reflected XSS attack of c...

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host paramete...

OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST...

Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecti...

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dmzholes.cgi script that allow attackers to inject malicious scripts through unv...

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing a...

Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that ...

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the MACHINE and MACHINECOMMENT...

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attack...

The StyleBidet plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escap...

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to ...

Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an at...

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or conten...

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attack...

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in ...

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a...

The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output ...

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the `RepoCard` component is vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability occ...

Sylius is an Open Source eCommerce Framework on Symfony. CurrencySwitchController::switchAction(), ImpersonateUserController::impersonateAction() and StorageBasedLocaleSwitcher::handle() use the HTTP ...

The Geo Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL path in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. ...

The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML out...

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body ...

Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin privileg...

Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin ...

PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the brows...

BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedire...

An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14.

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav...

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav...

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet Smart...

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient inp...

The Inquiry Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.2. This is due to missing nonce verification in the rd_ic_settings_page func...

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of `bind:innerText` and `bind:textContent` on `contenteditable` elements were not properly escaped. This could enable H...