Page 4 of 8518 results (0.014 seconds)

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

27 May 2025 — IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. ... IBM DS8900F and DS8A00 Hardware Management Console (HMC) is vulnerable to stored cross-site scripting. • https://www.ibm.com/support/pages/node/7234276 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

27 May 2025 — Improper neutralization of input in Nagvis before version 1.9.47 which can lead to XSS • https://www.nagvis.org/downloads/changelog/1.9.47 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

23 May 2025 — Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle, pagedes, and email parameters. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-Contact%20Us.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

23 May 2025 — Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate parameters. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Stored%20XSS-Between%20Dates%20Reports.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

23 May 2025 — The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

23 May 2025 — PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

23 May 2025 — A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the searchdata parameter. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/Reflected%20Cross-Site%20Scripting%20%28XSS%29-medical%20card%20details%20search.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0

23 May 2025 — Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes. • https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Medical%20Card%20Generation%20System/HTML%20Injection%28pagedes%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0

22 May 2025 — A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3443 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

22 May 2025 — A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. • https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3425 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •