Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-39338

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-07 Apr, 2026 | 17:57
Updated At-09 Apr, 2026 | 15:57
Rejected At-
Credits

ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's DOM. Although the application ultimately returns an HTTP 500 error due to the malformed API request caused by the payload, the browser's JavaScript engine parses and executes the injected <script> tags before the error response is returned — resulting in successful code execution regardless of the server-side error. This vulnerability is fixed in 7.1.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:07 Apr, 2026 | 17:57
Updated At:09 Apr, 2026 | 15:57
Rejected At:
▼CVE Numbering Authority (CNA)
ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's DOM. Although the application ultimately returns an HTTP 500 error due to the malformed API request caused by the payload, the browser's JavaScript engine parses and executes the injected <script> tags before the error response is returned — resulting in successful code execution regardless of the server-side error. This vulnerability is fixed in 7.1.0.

Affected Products
Vendor
ChurchCRM
Product
CRM
Versions
Affected
  • < 7.1.0
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWECWE-1004CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
Type: CWE
CWE ID: CWE-79
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-1004
Description: CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag
Metrics
VersionBase scoreBase severityVector
4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-3ghg-qfqw-rcqf
x_refsource_CONFIRM
Hyperlink: https://github.com/ChurchCRM/CRM/security/advisories/GHSA-3ghg-qfqw-rcqf
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:07 Apr, 2026 | 18:16
Updated At:15 Apr, 2026 | 20:15

ChurchCRM is an open-source church management system. Prior to 7.1.0, a Blind Reflected Cross-Site Scripting vulnerability exists in the search parameter accepted by the ChurchCRM dashboard. The application fails to sanitize or encode user-supplied input prior to rendering it within the browser's DOM. Although the application ultimately returns an HTTP 500 error due to the malformed API request caused by the payload, the browser's JavaScript engine parses and executes the injected <script> tags before the error response is returned — resulting in successful code execution regardless of the server-side error. This vulnerability is fixed in 7.1.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.6HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 8.6
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches
churchcrm
churchcrm
>>churchcrm>>Versions up to 7.0.5(inclusive)
cpe:2.3:a:churchcrm:churchcrm:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Secondarysecurity-advisories@github.com
CWE-1004Secondarysecurity-advisories@github.com
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-1004
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-3ghg-qfqw-rcqfsecurity-advisories@github.com
Exploit
Vendor Advisory
Hyperlink: https://github.com/ChurchCRM/CRM/security/advisories/GHSA-3ghg-qfqw-rcqf
Source: security-advisories@github.com
Resource:
Exploit
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

10381Records found
CVE-2019-19336
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 53.94%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 13:11
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting vulnerability was reported in the oVirt-engine's OAuth authorization endpoint before version 4.3.8. URL parameters were included in the HTML response without escaping. This flaw would allow an attacker to craft malicious HTML pages that can run scripts in the context of the user's oVirt session.

Action-Not Available
Vendor-ovirtRed Hat, Inc.
Product-ovirt-enginevirtualizationovirt-engine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18882
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 57.71%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 02:56
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.

Action-Not Available
Vendor-n/aWSO2 LLC
Product-identity_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-27637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.01%
||
7 Day CHG+0.03%
Published-05 Mar, 2025 | 00:00
Updated-03 Nov, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Cross-Site Scripting V-2024-016.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19366
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.53%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 19:19
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/xml_cdr/xml_cdr_search.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-27309
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.87% / 75.31%
||
7 Day CHG~0.00%
Published-23 Mar, 2021 | 13:28
Updated-03 Aug, 2024 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.

Action-Not Available
Vendor-cspheren/a
Product-clanspheren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0125
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-2.4||LOW
EPSS-0.36% / 57.85%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 20:51
Updated-02 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Control iD Gerencia Web Web Interface cross site scripting

A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.

Action-Not Available
Vendor-control_id_panel_projectControl iD
Product-control_id_panelGerencia Web
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-5226
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 28.88%
||
7 Day CHG+0.01%
Published-11 Apr, 2026 | 01:24
Updated-13 Apr, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL

The Optimole – Optimize Images in Real Time plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL paths in versions up to, and including, 4.2.3 This is due to insufficient output escaping on user-supplied URL paths in the get_current_url() function, which are inserted into JavaScript code via str_replace() without proper JavaScript context escaping in the replace_content() function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Action-Not Available
Vendor-optimole
Product-Optimole – Optimize Images in Real Time
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19865
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 58.68%
||
7 Day CHG~0.00%
Published-21 Feb, 2020 | 15:23
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Atos Unify OpenScape UC Application V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload.

Action-Not Available
Vendor-atosn/a
Product-unify_openscape_uc_web_clientn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0236
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-20.08% / 95.50%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 19:59
Updated-25 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Action-Not Available
Vendor-UnknownThemeum
Product-tutor_lmsTutor LMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0099
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-72.92% / 98.78%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 14:32
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple URLs < 115 - Multiple Reflected XSS

The Simple URLs WordPress plugin before 115 does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-getlassoUnknown
Product-simple_urlsSimple URLs
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-56328
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.15% / 35.22%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 20:55
Updated-26 Sep, 2025 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTMLi(XSS without CSP) via Onebox urls in Discourse

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.

Action-Not Available
Vendor-Civilized Discourse Construction Kit, Inc.
Product-discoursediscourse
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19367
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.53%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 19:19
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/fax/fax_files.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-37416
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-7.00% / 91.49%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 18:18
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_adselfservice_plusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18652
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 54.49%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 21:40
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).

Action-Not Available
Vendor-n/aWatchGuard Technologies, Inc.
Product-xmt515xmt515_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0337
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 46.38%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in lirantal/daloradius

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.

Action-Not Available
Vendor-daloradiuslirantal
Product-daloradiuslirantal/daloradius
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0588
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 33.24%
||
7 Day CHG~0.00%
Published-27 Jun, 2023 | 13:17
Updated-27 Nov, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS

The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin.

Action-Not Available
Vendor-catalystconnectUnknown
Product-zoho_crm_client_portalCatalyst Connect Zoho CRM Client Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19748
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 57.71%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 02:36
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Work Time Calendar app before 4.7.1 for Jira allows XSS.

Action-Not Available
Vendor-brizoitn/a
Product-work_time_calendarn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-50905
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 20.47%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 22:51
Updated-07 Apr, 2026 | 14:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
e107 CMS v3.2.1 - Reflected XSS via Comment Flow

e107 CMS version 3.2.1 contains multiple vulnerabilities that allow cross-site scripting (XSS) attacks. The first vulnerability is a reflected XSS that occurs in the news comment functionality when authenticated users interact with the comment form. An attacker can inject malicious JavaScript code through the URL parameter that gets executed when users click outside the comment field after typing content. The second vulnerability involves an upload restriction bypass for authenticated administrators, allowing them to upload SVG files containing malicious code through the media manager's remote URL upload feature. This results in stored XSS when the uploaded SVG files are accessed. These vulnerabilities were discovered by Hubert Wojciechowski and affect the news.php and image.php components of the CMS.

Action-Not Available
Vendor-e107e107
Product-e107e107 CMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0084
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.2||HIGH
EPSS-47.84% / 97.72%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 18:35
Updated-08 Apr, 2026 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.

Action-Not Available
Vendor-wpmetroxnor
Product-metform_elementor_contact_form_builderMetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18656
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-31 Oct, 2019 | 16:41
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.

Action-Not Available
Vendor-n/aPimcore
Product-pimcoren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19003
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 58.95%
||
7 Day CHG~0.00%
Published-02 Apr, 2020 | 19:46
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ABB eSOMS: HTTPOnly flag not set

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set. This can allow Javascript to access the cookie contents, which in turn might enable Cross Site Scripting.

Action-Not Available
Vendor-Hitachi Energy Ltd.ABB
Product-esomseSOMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-16
Not Available
CVE-2023-0486
Matching Score-4
Assigner-Fluid Attacks
ShareView Details
Matching Score-4
Assigner-Fluid Attacks
CVSS Score-6.1||MEDIUM
EPSS-0.52% / 66.88%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.

Action-Not Available
Vendor-vitalpbxn/a
Product-vitalpbxVitalPBX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0428
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.89%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 08:50
Updated-12 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Watu Quiz < 3.3.8.2 - Reflected XSS

The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-kibokolabsUnknown
Product-watu_quizWatu Quiz
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 67.29%
||
7 Day CHG~0.00%
Published-27 Nov, 2019 | 15:28
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI before 0.3.6-SNAPSHOT 2019-11-07 allows HTML injection in tooltips for entities. NOTE: this GUI code is no longer bundled with the Wikibase Wikidata Query Service snapshots, such as 0.3.6-SNAPSHOT.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-wikidata_query_guin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0606
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-9.3||CRITICAL
EPSS-0.35% / 57.77%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 00:00
Updated-27 Mar, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in ampache/ampache

Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.

Action-Not Available
Vendor-ampacheampache
Product-ampacheampache/ampache
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.84%
||
7 Day CHG~0.00%
Published-02 Nov, 2019 | 15:07
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.

Action-Not Available
Vendor-pfsensen/a
Product-pfsense-pkg-freeradius3n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0577
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 46.38%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 06:55
Updated-05 Mar, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple XSS in ASOS Information Technologies' Sobiad

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.

Action-Not Available
Vendor-ASOS EĞİTİM (ASOS EDUCATION)
Product-sobiadSOBIAD
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-30292
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.74% / 72.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 20:03
Updated-14 Apr, 2025 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ColdFusion | Cross-site Scripting (Reflected XSS) (CWE-79)

ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Action-Not Available
Vendor-Adobe Inc.
Product-coldfusionColdFusion
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.53%
||
7 Day CHG~0.00%
Published-28 Nov, 2019 | 23:56
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19619
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 61.96%
||
7 Day CHG~0.00%
Published-06 Dec, 2019 | 03:28
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

domain/section/markdown/markdown.go in Documize before 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.

Action-Not Available
Vendor-documizen/a
Product-documizen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19692
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.47% / 64.71%
||
7 Day CHG-0.09%
Published-20 Dec, 2019 | 04:05
Updated-05 Aug, 2024 | 02:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS) vulnerability on the product console. Note that the Japanese version of the product is NOT affected.

Action-Not Available
Vendor-Microsoft CorporationTrend Micro Incorporated
Product-apex_onewindowsTrend Micro Apex Central
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19381
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.84%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 13:02
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 before prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message.

Action-Not Available
Vendor-abacusn/a
Product-abacusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18955
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.33%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 17:00
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web console in Lansweeper 7.2.105.2 has XSS via the URL path. Product vulnerability has been fixed and disclosed within changelog as of 02 Dec 2019.

Action-Not Available
Vendor-lansweepern/a
Product-lansweepern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0527
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-8.97% / 92.62%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 10:32
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Security Guards Hiring System search-request.php cross site scripting

A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.

Action-Not Available
Vendor-online_security_guards_hiring_system_projectPHPGurukul LLP
Product-online_security_guards_hiring_systemOnline Security Guards Hiring System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18834
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 64.21%
||
7 Day CHG~0.00%
Published-23 Jul, 2020 | 19:42
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Persistent XSS in the WooCommerce Subscriptions plugin before 2.6.3 for WordPress allows remote attackers to execute arbitrary JavaScript because Billing Details are mishandled in WCS_Admin_Post_Types in class-wcs-admin-post-types.php.

Action-Not Available
Vendor-n/aWooCommerce
Product-subscriptionsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.62% / 70.01%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 16:15
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). A user input (related to dialog information) is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the application.

Action-Not Available
Vendor-systematicincn/a
Product-iris_standards_managementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0410
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.36%
||
7 Day CHG-0.00%
Published-20 Jan, 2023 | 00:00
Updated-13 Mar, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Generic in builderio/qwik

Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.

Action-Not Available
Vendor-qwikbuilderio
Product-qwikbuilderio/qwik
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0442
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 42.04%
||
7 Day CHG~0.00%
Published-21 Feb, 2023 | 08:51
Updated-12 Mar, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loan Comparison < 1.5.2 - Reflected XSS via shortcode

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL.

Action-Not Available
Vendor-loan_comparison_projectUnknown
Product-loan_comparisonLoan Comparison
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0338
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.8||MEDIUM
EPSS-0.23% / 46.38%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 00:00
Updated-04 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in lirantal/daloradius

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch.

Action-Not Available
Vendor-daloradiuslirantal
Product-daloradiuslirantal/daloradius
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18914
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 64.00%
||
7 Day CHG~0.00%
Published-09 Nov, 2021 | 14:10
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.

Action-Not Available
Vendor-n/aHP Inc.
Product-laserjet_enterprise_m605_l3u54alaserjet_managed_flow_mfp_e82540_x3a82alaserjet_enterprise_flow_mfp_m680_cz248alaserjet_managed_mfp_e52645_1pv64alaserjet_enterprise_mfp_m776_t3u55alaserjet_managed_mfp_m630_b3g85apagewide_managed_flow_mfp_e77660z_j7z07alaserjet_managed_flow_mfp_e77825_z8z0alaserjet_managed_mfp_e72530_z8z09alaserjet_enterprise_m552_b5l23alaserjet_managed_mfp_e87640_x3a86alaserjet_managed_mfp_e82540_z8z22alaserjet_enterprise_flow_mfp_m880z_a2w75alaserjet_managed_mfp_e62555_j8j74alaserjet_managed_mfp_e77428_5cm77alaserjet_managed_e60075_m0p33alaserjet_managed_flow_mfp_e72525_z8z08alaserjet_managed_flow_mfp_m575_l3u45alaserjet_enterprise_mfp_m577_b5l48alaserjet_managed_flow_mfp_e82560_x3a74alaserjet_managed_flow_mfp_e67560_l3u70alaserjet_managed_flow_mfp_e57540_3gy25alaserjet_enterprise_m609_k0q22alaserjet_managed_mfp_e77428_5cm79alaserjet_managed_flow_mfp_m630_p7z47alaserjet_managed_flow_mfp_e72525_x3a62alaserjet_managed_flow_mfp_m880zm_d7p71alaserjet_enterprise_700_m712_cf235alaserjet_enterprise_m506_f2a66alaserjet_managed_flow_mfp_m680_l3u47alaserjet_managed_flow_mfp_e62565_j8j79alaserjet_managed_mfp_e87650_z8z15alaserjet_managed_flow_mfp_m630_l3u62alaserjet_managed_flow_mfp_e82540_z8z23alaserjet_enterprise_m507_1pv88alaserjet_enterprise_m652_j7z99alaserjet_managed_mfp_e72525_x3a66alaserjet_enterprise_m506_f2a70apagewide_enterprise_flow_mfp_586z_g1w41alaserjet_managed_mfp_e72525_z8z08alaserjet_managed_flow_mfp_e62555_j8j74alaserjet_managed_mfp_e72530_x3a65alaserjet_managed_mfp_e62555_j8j67alaserjet_managed_flow_mfp_e62565_j8j80alaserjet_enterprise_flow_mfp_m631_j8j63alaserjet_enterprise_flow_mfp_m630_b3g86aofficejet_managed_mfp_x585_b5l04alaserjet_managed_mfp_e72530_z8z08alaserjet_enterprise_mfp_m633_j8j78apagewide_managed_flow_mfp_e77650_j7z14alaserjet_managed_mfp_e82550_az8z20apagewide_managed_mfp_p77950_2gp22alaserjet_managed_mfp_e82540_z8z19laserjet_managed_mfp_e82550_x3a68alaserjet_enterprise_flow_mfp_m681_j8a12apagewide_managed_mfp_p77950_2gp26alaserjet_managed_e60055_m0p39alaserjet_managed_mfp_e77822_x3a84alaserjet_managed_mfp_e52645_1pv67alaserjet_managed_e75245_t3u64alaserjet_managed_flow_mfp_e87650_z8z16alaserjet_enterprise_m855_a2w77alaserjet_managed_m506_f2a69alaserjet_enterprise_500_m551_cf081alaserjet_managed_flow_mfp_e72535_z8z08apagewide_managed_mfp_p77950_5zn98alaserjet_managed_flow_mfp_e67550_l3u70alaserjet_managed_mfp_e82560_z8z22apagewide_managed_mfp_p77940_y3z68alaserjet_managed_mfp_e52545_3gy19alaserjet_managed_mfp_e77428_5cm78alaserjet_enterprise_mfp_m632_j8j72alaserjet_managed_mfp_e57540_3gy26alaserjet_enterprise_mfp_m577_b5l46alaserjet_managed_flow_mfp_e72535_z8z06alaserjet_managed_flow_mfp_e82550_z8z23alaserjet_managed_mfp_e72530_x3a60alaserjet_managed_flow_mfp_e82540_x3a69alaserjet_enterprise_mfp_m631_j8j65aofficejet_enterprise_mfp_x585_l3u40alaserjet_enterprise_mfp_m725_l3u64alaserjet_managed_mfp_e72430_5rc89alaserjet_managed_flow_mfp_e82540_x3a79apagewide_managed_mfp_p77940_y3z63apagewide_enterprise_556_g1w47vlaserjet_managed_mfp_e77830_z8z02alaserjet_managed_500_mfp_m575_l3u46alaserjet_managed_flow_mfp_e82540_x3a72alaserjet_managed_mfp_e82560_x3a69alaserjet_managed_mfp_e82560_az8z20alaserjet_enterprise_700_mfp_m775_cc522alaserjet_managed_mfp_e77825_x3a84alaserjet_enterprise_700_mfp_m775_cf304apagewide_managed_mfp_p77940_y3z64alaserjet_managed_flow_mfp_e82560_x3a79alaserjet_managed_e75245_t3u43alaserjet_managed_flow_mfp_e77822_z8z0alaserjet_managed_mfp_e87660_x3a89alaserjet_enterprise_flow_mfp_m630_p7z48alaserjet_managed_flow_mfp_e87660_x3a86alaserjet_enterprise_600_m603_ce994apagewide_managed_mfp_p77940_y3z66alaserjet_enterprise_m652_j7z98alaserjet_managed_flow_mfp_e62575_j8j74alaserjet_managed_flow_mfp_e82550_z8z18alaserjet_managed_mfp_e82560_x3a74alaserjet_managed_mfp_e62565_j8j74alaserjet_managed_mfp_e87650_z8z17alaserjet_enterprise_m506_f2a71apagewide_managed_p75250_y3z49alaserjet_managed_mfp_e72535_z8z08alaserjet_managed_flow_mfp_e87650_x3a87alaserjet_managed_mfp_e82560_x3a79alaserjet_managed_flow_mfp_e62575_j8j67alaserjet_managed_mfp_e87640_z8z14apagewide_managed_flow_mfp_e77650_j7z13alaserjet_enterprise_flow_mfp_m776_t3u55alaserjet_managed_m605_e6b70alaserjet_managed_flow_mfp_m527z_f2a79alaserjet_enterprise_600_m602_ce991apagewide_managed_mfp_p77950_5zn99alaserjet_managed_flow_mfp_e77825_z8z01alaserjet_enterprise_m4555_mfp_ce502alaserjet_managed_mfp_e77428_5rc91alaserjet_managed_flow_mfp_e62575_j8j66apagewide_managed_flow_mfp_e77660z_j7z14alaserjet_managed_flow_mfp_e62555_j8j73alaserjet_managed_e60065_m0p39alaserjet_managed_e60055_m0p33apagewide_managed_mfp_e77650_j7z08alaserjet_managed_flow_mfp_e72525_x3a66alaserjet_enterprise_m553_bl27alaserjet_managed_flow_mfp_e72535_z8z09alaserjet_managed_mfp_e57540_3gy25alaserjet_enterprise_m553_b5l24apagewide_enterprise_flow_mfp_586z_g1w39alaserjet_managed_flow_mfp_m575_l3u46alaserjet_managed_flow_mfp_e87640_z8z15aofficejet_managed_flow_mfp_x585_b5l07alaserjet_managed_mfp_e77422_5cm75alaserjet_managed_flow_mfp_e72535_x3a65alaserjet_managed_flow_mfp_e82550_z8z22alaserjet_managed_flow_mfp_e82560_x3a82apagewide_managed_flow_mfp_e77660z_j7z03alaserjet_enterprise_700_mfp_m775_l3u50alaserjet_managed_flow_mfp_e82550_x3a71alaserjet_managed_flow_mfp_e72530_x3a62alaserjet_managed_mfp_e82540_x3a82apagewide_managed_mfp_p77960_y3z62alaserjet_managed_flow_mfp_e57540_3gy26alaserjet_enterprise_500_mfp_m575_cd645alaserjet_managed_flow_mfp_e87660_z8z14alaserjet_managed_mfp_e77822_z8z04apagewide_managed_mfp_p77940_2gp26alaserjet_managed_mfp_e87640_z8z16apagewide_managed_mfp_p77940_5zn98alaserjet_enterprise_flow_mfp_m633_j8j76apagewide_mfp_774_4pa44alaserjet_enterprise_m507_1pv87alaserjet_managed_mfp_e72535_x3a60alaserjet_managed_flow_mfp_e87650_z8z15alaserjet_managed_flow_mfp_e87650_x3a90alaserjet_enterprise_flow_mfp_m681_j8a11alaserjet_enterprise_mfp_m528_1pv49alaserjet_managed_mfp_e72525_z8z011alaserjet_managed_mfp_e87640_x3a89apagewide_managed_mfp_p77940_2gp25alaserjet_managed_m553_b5l26alaserjet_managed_mfp_e87660_z8z14alaserjet_managed_mfp_e67560_l3u69alaserjet_enterprise_flow_mfp_m632_j8j72alaserjet_managed_flow_mfp_e77822_x3a77alaserjet_managed_mfp_e77830_x3a84alaserjet_managed_mfp_m725_cf068alaserjet_managed_mfp_e82540_x3a72alaserjet_managed_flow_mfp_m630_b3g86alaserjet_enterprise_mfp_m681_j8a12alaserjet_enterprise_m855_d7p73alaserjet_enterprise_mfp_m680_cz248alaserjet_managed_flow_mfp_e82550_x3a69alaserjet_managed_mfp_e77422_5rc92alaserjet_enterprise_flow_mfp_m575_cd645alaserjet_managed_mfp_e82560_x3a68alaserjet_enterprise_flow_mfp_m577_b5l46alaserjet_managed_e50145_1pv89alaserjet_managed_e60075_m0p39apagewide_managed_mfp_p77960_y3z63alaserjet_managed_m553_b5l38alaserjet_enterprise_700_mfp_m775_cc524aofficejet_enterprise_x555_l1h45alaserjet_managed_flow_mfp_e72530_z8z010alaserjet_managed_flow_mfp_m525_l3u59alaserjet_enterprise_m553_b5l39alaserjet_managed_mfp_m775_cc523alaserjet_enterprise_flow_mfp_m880z_a2w76alaserjet_managed_mfp_e82550_z8z23alaserjet_managed_flow_mfp_e87640_x3a93alaserjet_enterprise_mfp_m630_b3g85alaserjet_managed_mfp_e82540_z8z18alaserjet_enterprise_600_m601_ce989alaserjet_managed_m651_cz257alaserjet_managed_flow_mfp_e77825_z8z05aofficejet_enterprise_flow_mfp_x585_l3u41alaserjet_managed_mfp_e87650_z8z16alaserjet_managed_flow_mfp_e72530_z8z07alaserjet_enterprise_mfp_m577_b5l47alaserjet_enterprise_mfp_m725_cf069alaserjet_managed_e85055_t3u52alaserjet_managed_flow_mfp_e82560_z8z19laserjet_managed_mfp_e72525_z8z07alaserjet_managed_e65050_l3u57alaserjet_managed_flow_mfp_e72530_z8z011alaserjet_managed_e60055_m0p40alaserjet_managed_e50145_1pv88alaserjet_cm4540_mfp_cc420alaserjet_enterprise_600_m602_ce993alaserjet_managed_mfp_e82560_z8z23alaserjet_managed_flow_mfp_e87660_x3a92alaserjet_managed_flow_mfp_e82560_z8z23alaserjet_managed_mfp_e87640_x3a90alaserjet_managed_flow_mfp_e87650_x3a86alaserjet_enterprise_500_mfp_m525f_cf118alaserjet_managed_flow_mfp_e72535_x3a60alaserjet_enterprise_m651_h0dc9alaserjet_managed_flow_mfp_e72525_x3a59alaserjet_managed_mfp_e72525_z8z010alaserjet_managed_flow_mfp_e82550_az8z20alaserjet_managed_mfp_m630_j7x28alaserjet_managed_mfp_e77422_5cm77alaserjet_enterprise_mfp_m725_cf067alaserjet_managed_flow_mfp_e77830_x3a77alaserjet_managed_e50145_1pu51alaserjet_managed_mfp_e82540_az8z20alaserjet_managed_mfp_m630_l3u61alaserjet_managed_mfp_e72425_5cm72alaserjet_managed_flow_mfp_e82560_x3a69aofficejet_managed_mfp_x585_b5l05alaserjet_managed_flow_mfp_e77825_x3a83alaserjet_enterprise_m553_b5l38apagewide_managed_mfp_p77950_y3z65alaserjet_enterprise_flow_mfp_m527z_f2a78alaserjet_enterprise_m751_t3u44alaserjet_managed_mfp_e77822_x3a81alaserjet_enterprise_m4555_mfp_ce504alaserjet_enterprises_cp5525_ce708alaserjet_managed_e60065_m0p35alaserjet_managed_mfp_e77830_z8z04alaserjet_managed_flow_mfp_e82540_x3a74alaserjet_managed_mfp_e62565_j8j79alaserjet_managed_e65050_l3u55alaserjet_enterprise_flow_mfp_m631_j8j64alaserjet_enterprise_m507_1pu52alaserjet_managed_flow_mfp_e72525_z8z010apagewide_managed_mfp_p77950_5zp00apagewide_managed_mfp_p77960_y3z65alaserjet_managed_flow_mfp_m880zm_a2w75alaserjet_enterprise_m653_j8a05alaserjet_managed_m605_l3u54alaserjet_managed_flow_mfp_e72525_z8z07alaserjet_managed_m651_cz255alaserjet_managed_mfp_e82540_x3a79alaserjet_enterprise_m855_a2w79alaserjet_managed_mfp_e87650_x3a86alaserjet_managed_mfp_e87650_x3a93alaserjet_managed_mfp_m775_l3u50apagewide_755_4pz47apagewide_managed_flow_mfp_e77650_j7z08apagewide_managed_mfp_p77960_5zn99alaserjet_managed_mfp_e72530_z8z06alaserjet_managed_flow_mfp_e82550_x3a72apagewide_enterprise_flow_mfp_780f_j7z09alaserjet_managed_mfp_e72525_x3a59apagewide_managed_mfp_e77650_j7z13alaserjet_managed_e60065_m0p36alaserjet_enterprise_mfp_m527_f2a76alaserjet_managed_flow_mfp_e72535_z8z011alaserjet_managed_flow_mfp_e72530_z8z06alaserjet_managed_flow_mfp_e72535_x3a63apagewide_managed_mfp_p77950_y3z62alaserjet_managed_flow_mfp_e82550_x3a82alaserjet_managed_mfp_e72530_x3a59afuturesmart_4laserjet_managed_mfp_e82560_x3a72alaserjet_managed_mfp_m527_f2a80apagewide_managed_flow_mfp_e77660z_j7z08alaserjet_managed_m605_e6b69apagewide_managed_mfp_p77950_y3z64alaserjet_managed_mfp_e72525_x3a65alaserjet_managed_flow_mfp_m830_cf367alaserjet_managed_mfp_e67550_l3u67alaserjet_managed_m553_b5l24alaserjet_managed_flow_mfp_e82560_x3a68apagewide_enterprise_mfp_586_g1w41alaserjet_managed_mfp_e77822_z8z02alaserjet_managed_mfp_m775_l3u49alaserjet_enterprise_flow_mfp_m830_l3u65alaserjet_managed_500_mfp_m525_l3u60alaserjet_enterprise_m608_k0q17alaserjet_enterprise_m4555_mfp_ce738alaserjet_enterprise_m506_f2a67alaserjet_enterprise_600_m603_ce996alaserjet_managed_mfp_m680_l3u47alaserjet_enterprise_mfp_m680_cz249alaserjet_enterprise_flow_mfp_m682_j8a17alaserjet_enterprise_flow_mfp_m527z_f2a81alaserjet_managed_mfp_m775_cc524alaserjet_enterprise_500_mfp_m525f_cf117alaserjet_enterprise_500_mfp_m575_cd646alaserjet_managed_mfp_m527_f2a79apagewide_enterprise_flow_mfp_785_j7z11alaserjet_managed_mfp_m725_cf067alaserjet_enterprise_flow_mfp_m527z_f2a77alaserjet_managed_mfp_e72535_z8z011alaserjet_managed_mfp_e77422_5rc91aofficejet_managed_flow_mfp_x585_b5l06alaserjet_enterprise_mfp_m528_1pv65alaserjet_managed_flow_mfp_e72525_x3a60alaserjet_managed_flow_mfp_m577_b5l49alaserjet_managed_mfp_e72535_z8z06alaserjet_managed_mfp_e87660_z8z12alaserjet_managed_mfp_e82560_x3a75alaserjet_managed_flow_mfp_e72525_x3a65alaserjet_managed_mfp_e87640_z8z17alaserjet_managed_mfp_e72430_5cm71alaserjet_managed_flow_mfp_e82550_x3a79alaserjet_managed_e85055_t3u66alaserjet_enterprise_m604_e6b68aofficejet_enterprise_x555_c2s11alaserjet_managed_mfp_e72430_5cm72alaserjet_managed_m651_cz256apagewide_enterprise_flow_mfp_780f_j7z10alaserjet_managed_mfp_e72535_x3a62alaserjet_managed_flow_mfp_e87640_x3a92alaserjet_managed_mfp_e82550_x3a79aofficejet_enterprise_x555_c2s12alaserjet_managed_mfp_e72535_x3a63alaserjet_managed_flow_mfp_e52545c_3gy20alaserjet_managed_mfp_e82550_x3a69alaserjet_managed_flow_mfp_e62555_j8j80alaserjet_managed_mfp_e82560_x3a71apagewide_managed_mfp_p77960_2gp23alaserjet_managed_mfp_e72425_5cm70alaserjet_managed_flow_mfp_e72530_x3a66alaserjet_enterprise_flow_mfp_m880z_l3u51alaserjet_enterprise_mfp_m631_j8j64alaserjet_managed_mfp_e82560_z8z19laserjet_managed_flow_mfp_e87640_z8z12apagewide_managed_mfp_p77960_5zn98alaserjet_managed_flow_mfp_m630_p7z48apagewide_managed_flow_mfp_e77650_z5g79alaserjet_enterprise_m4555_mfp_ce503alaserjet_managed_mfp_e77428_5rc92alaserjet_enterprise_m806_cz244alaserjet_managed_flow_mfp_e72525_x3a63apagewide_mfp_779_4pz46apagewide_managed_mfp_p77940_y3z62alaserjet_managed_mfp_e62555_j8j66apagewide_enterprise_flow_mfp_586z_g1w40alaserjet_managed_m605_l3u53alaserjet_managed_mfp_e72525_x3a63alaserjet_enterprise_m608_k0q18apagewide_managed_mfp_p77940_2gp23alaserjet_enterprise_flow_mfp_m680_ca251alaserjet_managed_mfp_e87660_x3a86alaserjet_enterprise_m651_cz256alaserjet_enterprise_flow_mfp_m575_cd644apagewide_managed_mfp_p77950_2gp23apagewide_managed_e55650_l3u44alaserjet_enterprise_m609_k0q20apagewide_enterprise_556_g1w46apagewide_managed_mfp_p77950_5zp01alaserjet_managed_mfp_e77825_z8z02alaserjet_managed_flow_mfp_e62555_j8j79alaserjet_managed_flow_mfp_e87640_x3a87aofficejet_managed_mfp_x585_l3u40alaserjet_managed_mfp_e72535_x3a59alaserjet_managed_mfp_e82550_x3a72alaserjet_enterprise_flow_mfp_m880z_d7p70alaserjet_enterprise_m651_l8z07alaserjet_managed_flow_mfp_e77830_z8z01alaserjet_managed_mfp_e72530_x3a63alaserjet_managed_flow_mfp_e82560_z8z22alaserjet_managed_flow_mfp_e77830_x3a80apagewide_managed_mfp_p77960_y3z61alaserjet_enterprise_m606_e6b72alaserjet_enterprise_m605_e6b71alaserjet_managed_mfp_e62555_j8j73apagewide_managed_flow_mfp_e77660z_j7z05alaserjet_managed_mfp_e87660_x3a90alaserjet_managed_e65050_l3u56alaserjet_managed_flow_mfp_m830_l3u65alaserjet_managed_flow_mfp_e77830_z8z05alaserjet_enterprise_m607_k0q15apagewide_managed_mfp_p77960_2gp22alaserjet_managed_flow_mfp_e82540_az8z20alaserjet_enterprise_flow_mfp_m630_l3u62alaserjet_enterprise_m750_d3l08alaserjet_enterprise_m856_t3u51alaserjet_managed_mfp_e62555_j8j79alaserjet_enterprises_cp5525_ce709aofficejet_enterprise_flow_mfp_x585_b5l06alaserjet_managed_flow_mfp_e62565_j8j66alaserjet_managed_mfp_m577_b5l49alaserjet_managed_e65060_l3u55alaserjet_managed_flow_mfp_e87640_z8z13alaserjet_enterprise_m607_k0q14alaserjet_cm4540_mfp_cc421alaserjet_managed_flow_mfp_e72525_z8z06alaserjet_managed_flow_mfp_e82540_x3a71alaserjet_enterprise_m653_j8a06apagewide_managed_e75160_j7z06apagewide_managed_mfp_p77960_5zp00alaserjet_managed_flow_mfp_e62575_j8j73alaserjet_managed_mfp_e72530_z8z010alaserjet_managed_mfp_e87650_x3a89apagewide_managed_mfp_e58650dn_l3u43alaserjet_managed_e60075_m0p40alaserjet_managed_mfp_e87660_x3a93alaserjet_enterprise_m506_f2a69alaserjet_managed_mfp_e82540_x3a71apagewide_managed_mfp_p77940_5zp01alaserjet_enterprise_mfp_m633_j8j76alaserjet_managed_mfp_e82550_z8z19laserjet_enterprise_flow_mfp_m681_j8a13alaserjet_managed_flow_mfp_e62555_j8j67apagewide_managed_mfp_p77440_y3z60alaserjet_managed_m506_f2a71alaserjet_enterprise_600_m603_ce995alaserjet_managed_flow_mfp_e67550_l3u67alaserjet_enterprise_flow_mfp_m633_j8j78alaserjet_managed_mfp_e77830_x3a78apagewide_managed_mfp_p77940_5zn99apagewide_enterprise_mfp_586_g1w39alaserjet_managed_flow_mfp_e67550_l3u66alaserjet_managed_flow_mfp_e87650_x3a89alaserjet_managed_mfp_e72430_5cm68apagewide_managed_flow_mfp_e77660z_z5g77alaserjet_managed_flow_mfp_m880zm_a2w76alaserjet_managed_mfp_e67560_l3u70alaserjet_managed_m605_e6b71alaserjet_managed_e50145_1pu52alaserjet_managed_flow_mfp_e72525_z8z09alaserjet_enterprise_mfp_m527_f2a81alaserjet_enterprise_500_mfp_m525f_cf116alaserjet_managed_flow_mfp_e82540_z8z18alaserjet_enterprise_m506_f2a68alaserjet_managed_e60075_m0p35alaserjet_enterprise_m507_1pv86alaserjet_enterprise_m608_m0p32alaserjet_enterprise_m553_b5l26apagewide_managed_mfp_p77940_5zp00alaserjet_enterprise_mfp_m528_1ps54alaserjet_managed_500_mfp_m525_l3u59alaserjet_managed_mfp_e72425_5cm68alaserjet_managed_mfp_e72525_x3a60alaserjet_enterprise_mfp_m681_j8a13alaserjet_enterprise_mfp_m725_cf066alaserjet_managed_flow_mfp_e77825_x3a80alaserjet_managed_mfp_e77830_x3a81apagewide_managed_mfp_e58650dn_l3u42alaserjet_managed_mfp_e87650_x3a92alaserjet_managed_flow_mfp_e87660_z8z13alaserjet_managed_mfp_e82550_x3a82alaserjet_managed_mfp_e77825_z8z04alaserjet_managed_m506_f2a70alaserjet_managed_flow_mfp_e82540_x3a68alaserjet_managed_mfp_e77825_z8z00apagewide_enterprise_flow_mfp_785_j7z12alaserjet_enterprise_flow_mfp_m525_cf116alaserjet_managed_mfp_e72535_z8z07alaserjet_enterprise_flow_mfp_m631_j8j65alaserjet_managed_m651_h0dc9alaserjet_managed_flow_mfp_e87640_x3a86alaserjet_managed_e50045_3gn19alaserjet_enterprise_m653_j8a04alaserjet_enterprise_flow_mfp_m577_b5l54alaserjet_enterprise_flow_mfp_m577_b5l47alaserjet_managed_flow_mfp_m880zm_l3u51alaserjet_enterprise_600_m602_ce992alaserjet_enterprise_m605_e6b69alaserjet_managed_mfp_e52645_1pv65alaserjet_enterprise_flow_mfp_m630_p7z47alaserjet_managed_mfp_m725_cf066alaserjet_enterprise_m507_1pv89alaserjet_managed_mfp_e82540_x3a69alaserjet_managed_mfp_e87660_z8z15alaserjet_managed_mfp_m630_b3g84alaserjet_managed_flow_mfp_e77830_x3a83alaserjet_managed_mfp_e87660_z8z16alaserjet_enterprise_mfp_m725_cf068alaserjet_managed_flow_mfp_e87640_x3a90alaserjet_managed_mfp_e82550_x3a71apagewide_managed_mfp_p77950_y3z66alaserjet_managed_mfp_e72530_x3a66alaserjet_enterprise_flow_mfp_m681_j8a10alaserjet_managed_flow_mfp_e82540_z8z22alaserjet_managed_mfp_e72425_5cm71alaserjet_managed_flow_mfp_e82560_z8z18alaserjet_enterprise_700_m712_cf236alaserjet_enterprise_mfp_m631_j8j63alaserjet_managed_flow_mfp_e72530_x3a63alaserjet_managed_500_mfp_m575_l3u45alaserjet_managed_e65060_l3u56alaserjet_managed_flow_mfp_e87650_z8z13alaserjet_enterprise_mfp_m632_j8j70apagewide_enterprise_556_g1w46vlaserjet_managed_e85055_t3u51alaserjet_managed_mfp_e72425_5cm69alaserjet_enterprise_flow_mfp_m632_j8j71alaserjet_enterprise_m751_t3u43alaserjet_managed_mfp_e62555_j8j80alaserjet_enterprise_m651_cz257alaserjet_managed_mfp_e77422_5cm76alaserjet_managed_flow_mfp_e82560_x3a71alaserjet_managed_mfp_e87650_x3a90alaserjet_managed_mfp_e77822_z8z00alaserjet_managed_flow_mfp_e87650_x3a92alaserjet_managed_mfp_e67550_l3u69alaserjet_managed_mfp_e52645_1pv49alaserjet_enterprise_flow_mfp_m575_cd646alaserjet_enterprise_mfp_m632_j8j71alaserjet_managed_flow_mfp_e82540_z8z19laserjet_enterprise_m806_cz245alaserjet_enterprise_mfp_m528_1pv66alaserjet_managed_flow_mfp_e52545c_3gy19alaserjet_enterprise_500_m551_cf083alaserjet_managed_e60065_m0p40alaserjet_managed_flow_mfp_e62575_j8j79apagewide_mfp_774_4pz43alaserjet_managed_mfp_e87640_z8z13alaserjet_enterprises_cp5525_ce707alaserjet_managed_mfp_e82540_z8z23apagewide_managed_mfp_p77940_2gp22alaserjet_managed_e60075_m0p36alaserjet_enterprise_700_mfp_m775_cc523alaserjet_enterprise_mfp_m682_j8a16alaserjet_managed_mfp_e77428_5cm76alaserjet_managed_e60055_m0p35alaserjet_managed_mfp_e77422_5cm79alaserjet_managed_mfp_e72430_5rc90alaserjet_managed_mfp_m725_l3u63alaserjet_managed_mfp_e62565_j8j67alaserjet_enterprise_m855_a2w78aofficejet_enterprise_mfp_x585_b5l04alaserjet_managed_flow_mfp_e87640_z8z16alaserjet_managed_e75245_t3u44alaserjet_managed_mfp_e87650_x3a87alaserjet_managed_flow_mfp_m680_l3u48apagewide_mfp_779_4pz45alaserjet_managed_flow_mfp_e72535_x3a59alaserjet_managed_flow_mfp_e82560_x3a75alaserjet_managed_mfp_e82550_x3a75alaserjet_enterprise_m856_t3u66alaserjet_managed_flow_mfp_e82550_x3a74alaserjet_managed_flow_mfp_e67550_l3u69alaserjet_managed_mfp_e87640_x3a92apagewide_enterprise_mfp_586_g1w40alaserjet_managed_mfp_e82550_z8z22alaserjet_managed_flow_mfp_e77822_z8z01alaserjet_managed_mfp_e87660_z8z13apagewide_managed_mfp_p77940_y3z65alaserjet_enterprise_m609_k0q21alaserjet_managed_mfp_e72525_z8z09alaserjet_managed_flow_mfp_e87650_z8z12alaserjet_managed_mfp_e62565_j8j73alaserjet_enterprise_500_mfp_m575_cd644alaserjet_managed_mfp_e87640_x3a87alaserjet_enterprise_m605_e6b70alaserjet_managed_mfp_m680_l3u48alaserjet_enterprise_m606_e6b73alaserjet_enterprise_m608_k0q19alaserjet_managed_flow_mfp_e87660_z8z16alaserjet_enterprise_m750_d3l09alaserjet_managed_mfp_e52545_3gy20aofficejet_enterprise_flow_mfp_x585_b5l07alaserjet_managed_mfp_e87660_x3a87alaserjet_enterprise_mfp_m725_l3u63apagewide_managed_mfp_p77950_y3z63alaserjet_managed_mfp_e87650_z8z14alaserjet_managed_m651_l8z07apagewide_managed_mfp_e77650_z5g79alaserjet_managed_flow_mfp_m880zm_l3u52apagewide_managed_mfp_p77950_y3z68alaserjet_managed_mfp_e77822_x3a78alaserjet_managed_e50145_1pv87alaserjet_managed_mfp_e62565_j8j80apagewide_managed_mfp_p77960_5zp01alaserjet_enterprise_600_m601_ce990alaserjet_managed_flow_mfp_e62565_j8j73alaserjet_enterprise_flow_mfp_m682_j8a16alaserjet_managed_flow_mfp_e87650_z8z17alaserjet_managed_mfp_e77830_z8z00alaserjet_enterprise_mfp_m681_j8a11a_laserjet_managed_flow_mfp_e87660_x3a93alaserjet_enterprise_mfp_m527_f2a77alaserjet_managed_mfp_e72525_z8z06alaserjet_enterprise_mfp_m528_1ps55alaserjet_managed_flow_mfp_e62565_j8j67apagewide_enterprise_mfp_780_j7z10alaserjet_enterprise_flow_mfp_m830_cf367alaserjet_managed_flow_mfp_e82550_x3a68alaserjet_enterprise_flow_mfp_m527z_f2a76alaserjet_managed_flow_mfp_e82540_x3a75alaserjet_managed_flow_mfp_e72535_x3a62alaserjet_managed_flow_mfp_e87640_x3a89alaserjet_enterprise_mfp_m527_f2a78alaserjet_managed_mfp_e72535_z8z010alaserjet_cm4540_mfp_cc419alaserjet_managed_flow_mfp_e72530_x3a59alaserjet_managed_mfp_e72530_x3a62alaserjet_enterprise_m507_1pu51apagewide_managed_mfp_p77960_2gp26alaserjet_enterprise_mfp_m682_j8a17alaserjet_managed_mfp_e87640_z8z15alaserjet_managed_flow_mfp_e87650_x3a93alaserjet_managed_mfp_e87650_z8z12alaserjet_managed_flow_mfp_e72530_x3a60alaserjet_managed_mfp_e77422_5cm78alaserjet_enterprise_m604_e6b67alaserjet_managed_flow_mfp_e72535_z8z010alaserjet_enterprise_flow_mfp_m577_b5l48alaserjet_managed_flow_mfp_e82560_az8z20alaserjet_managed_flow_mfp_e87650_z8z14apagewide_managed_flow_mfp_e58650z_l3u42alaserjet_managed_flow_mfp_e87660_z8z12alaserjet_enterprise_flow_mfp_m632_j8j70alaserjet_enterprise_m553_b5l25alaserjet_enterprise_700_mfp_m775_l3u49aofficejet_enterprise_mfp_x585_b5l05apagewide_enterprise_765_j7z04alaserjet_managed_mfp_e82540_x3a68alaserjet_managed_mfp_e72430_5cm69alaserjet_managed_flow_mfp_e87660_z8z17alaserjet_managed_mfp_e72530_z8z011alaserjet_enterprise_m651_cz255alaserjet_enterprise_mfp_m681_j8a10apagewide_managed_mfp_e77650_j7z14alaserjet_managed_mfp_e52645_1pv66alaserjet_enterprise_flow_mfp_m880z_d7p71alaserjet_enterprise_m856_t3u52alaserjet_managed_mfp_e87660_x3a92alaserjet_managed_mfp_m775_cc522alaserjet_managed_mfp_e67550_l3u70alaserjet_managed_mfp_e82560_z8z18apagewide_managed_mfp_p77940_y3z61alaserjet_managed_mfp_e82540_x3a75alaserjet_enterprise_mfp_m630_b3g84apagewide_managed_mfp_p77960_y3z68alaserjet_managed_e60055_m0p36alaserjet_managed_mfp_e77825_x3a81alaserjet_managed_flow_mfp_e87660_z8z15alaserjet_enterprise_m750_d3l10alaserjet_managed_mfp_e72525_x3a62apagewide_managed_flow_mfp_e77660z_j7z13alaserjet_enterprise_flow_mfp_m880z_l3u52alaserjet_managed_mfp_m577_b5l50adigital_sender_flow_8500_fn2_document_capture_workstation_l2762alaserjet_managed_mfp_e52645_1ps55alaserjet_managed_flow_mfp_e87640_z8z14alaserjet_managed_mfp_e67560_l3u66alaserjet_managed_mfp_m725_cf069alaserjet_managed_flow_mfp_m577_b5l50alaserjet_managed_e55040dw_3gx98ascanjet_enterprise_flow_n9120_fn2_document_scanner_l2763alaserjet_enterprise_mfp_m680_cz250alaserjet_enterprise_mfp_m776_t3u56alaserjet_managed_mfp_e82550_x3a74afuturesmart_3laserjet_enterprise_m751_t3u64alaserjet_enterprise_flow_mfp_m525_cf118alaserjet_enterprise_mfp_m680_ca251alaserjet_managed_mfp_e87640_x3a93alaserjet_managed_mfp_e67550_l3u66alaserjet_managed_mfp_e77428_5cm75alaserjet_managed_flow_mfp_e62565_j8j74alaserjet_managed_mfp_m775_cf304alaserjet_managed_flow_mfp_e72530_x3a65alaserjet_managed_e65060_l3u57alaserjet_managed_flow_mfp_e72535_z8z07alaserjet_managed_flow_mfp_m527z_f2a80alaserjet_managed_mfp_e72425_5rc90apagewide_managed_mfp_p77960_2gp25apagewide_enterprise_mfp_780_j7z09alaserjet_managed_mfp_e87660_z8z17alaserjet_enterprise_m605_l3u53alaserjet_managed_flow_mfp_e87660_x3a87alaserjet_managed_mfp_e72430_5cm70alaserjet_managed_mfp_e72535_z8z09alaserjet_managed_flow_mfp_e77822_z8z05alaserjet_managed_flow_mfp_e62555_j8j66alaserjet_managed_mfp_e62565_j8j66alaserjet_enterprise_500_m551_cf082alaserjet_enterprise_m855_d7p72alaserjet_managed_e50145_1pv86alaserjet_managed_mfp_e82540_x3a74alaserjet_managed_flow_mfp_e72535_x3a66alaserjet_enterprise_mfp_m528_1pv64alaserjet_enterprise_mfp_m630_l3u61alaserjet_managed_mfp_m725_l3u64alaserjet_enterprise_mfp_m577_b5l54alaserjet_managed_mfp_e72425_5rc89apagewide_managed_mfp_p77960_y3z64alaserjet_managed_m553_b5l25alaserjet_managed_mfp_e72535_x3a65apagewide_enterprise_556_g1w47alaserjet_managed_mfp_e87650_z8z13alaserjet_managed_flow_mfp_e82550_x3a75ascanjet_enterprise_8500_fn1_document_capture_workstation_l2717apagewide_managed_mfp_p77950_2gp25apagewide_managed_mfp_e77650_j7z05alaserjet_managed_flow_mfp_e67560_l3u67alaserjet_managed_flow_mfp_e62575_j8j80alaserjet_managed_mfp_e72530_z8z07alaserjet_managed_flow_mfp_e77822_x3a83alaserjet_managed_flow_mfp_e77825_x3a77alaserjet_managed_flow_mfp_e72530_z8z09alaserjet_managed_m506_f2a66apagewide_managed_mfp_p77950_y3z61alaserjet_enterprise_mfp_m528_1pv67apagewide_managed_mfp_p77960_y3z66alaserjet_managed_mfp_e52645_1ps54alaserjet_enterprise_700_m712_cf238alaserjet_managed_flow_mfp_e77830_z8z0alaserjet_managed_m506_f2a67alaserjet_managed_flow_mfp_e87660_x3a90alaserjet_managed_mfp_e77825_x3a78alaserjet_enterprise_flow_mfp_m776_t3u56alaserjet_managed_mfp_e82550_z8z18alaserjet_managed_flow_mfp_e87660_x3a89alaserjet_managed_flow_mfp_e87640_z8z17alaserjet_managed_m553_b5l39alaserjet_managed_mfp_e67560_l3u67alaserjet_managed_flow_mfp_e67560_l3u69apagewide_managed_flow_mfp_e77660z_z5g79alaserjet_managed_mfp_e72535_x3a66alaserjet_managed_mfp_e82560_x3a82alaserjet_managed_flow_mfp_e72525_z8z011alaserjet_managed_flow_mfp_e72530_z8z08alaserjet_managed_flow_mfp_m880zm_d7p70alaserjet_managed_flow_mfp_e77822_x3a80alaserjet_managed_flow_mfp_e67560_l3u66alaserjet_managed_m506_f2a68alaserjet_managed_flow_mfp_e82550_z8z19laserjet_managed_flow_mfp_m525_l3u60alaserjet_managed_e60065_m0p33aofficejet_managed_flow_mfp_x585_l3u41alaserjet_managed_flow_mfp_e82560_x3a72alaserjet_managed_m553_bl27alaserjet_enterprise_flow_mfp_m680_cz249apagewide_managed_flow_mfp_e77650_j7z05alaserjet_enterprise_flow_mfp_m525_cf117alaserjet_enterprise_mfp_m630_j7x28apagewide_managed_flow_mfp_e58650z_l3u43alaserjet_enterprise_flow_mfp_m680_cz250alaserjet_managed_mfp_e87640_z8z12aHP Color LaserJet Managed Printers, HP Color LaserJet Enterprise Printers
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19466
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.35% / 57.71%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 16:13
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SCEditor 2.1.3 allows XSS.

Action-Not Available
Vendor-sceditorn/a
Product-sceditorn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-4754
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-4
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-6.1||MEDIUM
EPSS-0.03% / 8.22%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 06:03
Updated-26 Mar, 2026 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CWE-79 in MolotovCherry Android-ImageMagick7

CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.

Action-Not Available
Vendor-molotovcherryMolotovCherry
Product-android-imagemagick7Android-ImageMagick7
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19371
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.54%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 17:55
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts.

Action-Not Available
Vendor-n/aMitel Networks Corp.
Product-micollab_audio\,_web_\&_video_conferencingn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19515
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.33%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 17:01
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in wireless settings.

Action-Not Available
Vendor-ayisionn/a
Product-ays-wr01ays-wr01_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19540
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.84%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 14:33
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ListingPro theme before v2.0.14.2 for WordPress has Reflected XSS via the What field on the homepage.

Action-Not Available
Vendor-cridion/a
Product-listingpron/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.53%
||
7 Day CHG~0.00%
Published-28 Nov, 2019 | 23:56
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18816
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 56.01%
||
7 Day CHG~0.00%
Published-07 Nov, 2019 | 16:08
Updated-05 Aug, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allows post[1][content]= stored XSS.

Action-Not Available
Vendor-popojicmsn/a
Product-popojicmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0312
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.6||HIGH
EPSS-0.67% / 71.47%
||
7 Day CHG~0.00%
Published-15 Jan, 2023 | 00:00
Updated-07 Apr, 2025 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10.

Action-Not Available
Vendor-Thorsten Rinne (phpMyFAQ)
Product-phpmyfaqthorsten/phpmyfaq
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-3097
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 41.85%
||
7 Day CHG~0.00%
Published-02 Apr, 2025 | 09:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wp Time Machine <= 3.4.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The wp Time Machine plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.0. This is due to missing or incorrect nonce validation on the 'wpTimeMachineCore.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-paulgpetty
Product-wp Time Machine
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.53%
||
7 Day CHG~0.00%
Published-28 Nov, 2019 | 23:56
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.

Action-Not Available
Vendor-fusionpbxn/a
Product-fusionpbxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 207
  • 208
  • Next
Details not found