S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability.
Rukovoditel before 2.4.1 allows XSS.
app/Core/Paginator.php in Kanboard before 1.2.8 has XSS in pagination sorting.
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability."
A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71.
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338.
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability". This CVE ID is unique from CVE-2017-8559.
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.
The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file.
A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability".
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.
Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are obtained from third party information.
Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter.
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).
Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users.
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.
An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability".
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.