The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the `embeds` property on a response message, the content of which is loaded into an iFrame with a sandbox that has `allow-scripts` and `allow-same-origin` set, ignoring the "iframe Sandbox Allow Same Origin" configuration. This enables stored XSS on the affected chat. This also triggers when the chat is in the shared format. The result is a shareable link containing the payload that can be distributed to any other users on the instance. Version 0.6.44 fixes the issue.
Stored Cross-Site Scripting (XSS) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on web application allows an attacker to inject arbitrary JavaScript code, which executes in the browsing context of any visitor accessing the compromised survey.
Privilege Defined With Unsafe Actions vulnerability in Drupal Mini site allows Stored XSS.This issue affects Mini site: from 0.0.0 before 3.0.2.
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187190.
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188127.
A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor
A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import.
The Ninja Pages WordPress plugin through 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
The WP-Appbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's appbox shortcode in all versions up to, and including, 4.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow.
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2024.5 due to insufficient input sanitization and output escaping on user supplied attributes through the 'src' attribute when the src supplied returns a header with an injected value . This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
74cmsSE v3.12.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /apiadmin/notice/add. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.
The Events Calendar Made Simple – Pie Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's piecal shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The Newpost Catch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's npc shortcode in all versions up to, and including, 1.3.19 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript code through the Security Console web interface. When other Security Console administrators open the affected report page, the injected scripts could potentially be executed in their browser.
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS on hover. This vulnerability is fixed in 1.1.0.
A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 185717.
The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficient input sanitization and output escaping on user-supplied URLs. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 and 10.1 before FP1 and InfoSphere Master Data Management Server for Product Information Management 6.0, 9.0, and 9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user. This is related to lack of the serendipity_event_xsstrust plugin and a set_config error in that plugin.
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9.
matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4.
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191273.
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance (RSA IMG) versions 6.9.1, all patch levels) are affected by multiple stored cross-site scripting vulnerabilities. Remote authenticated malicious users could potentially inject arbitrary HTML code to the application.
The ProfileGrid – User Profiles, Memberships, Groups and Communities WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the pm_user_avatar and pm_cover_image parameters found in the ~/admin/class-profile-magic-admin.php file which allows attackers with authenticated user access, such as subscribers, to inject arbitrary web scripts into their profile, in versions up to and including 1.2.7.
IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600.
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183314.
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site.
Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.
The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely.
A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.
Orangescrum 1.8.0 contains multiple cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through various input parameters. Attackers can exploit parameters like 'projid', 'CS_message', and 'name' to execute arbitrary JavaScript code in victim's browsers by submitting crafted payloads through application endpoints.
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191390.
A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /edit_profile. Performing manipulation of the argument first_name/last_name results in basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.