Filtered by CWE-79
Total 45422 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-35752 1 Janobe 1 Baby Care System 2025-11-18 5.4 Medium
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
CVE-2025-45236 1 Dbsyncer Project 1 Dbsyncer 2025-11-18 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
CVE-2025-63713 2 Remyandrade, Sourcecodester 2 Matching Type Test, Matchmaster 2025-11-18 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.
CVE-2025-12869 1 Aenrich 2 A+hrd, A\+hrd 2025-11-18 4.8 Medium
The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in users' browsers upon page load.
CVE-2022-44759 1 Hcltech 1 Hcl Leap 2025-11-17 4.6 Medium
Improper sanitization of SVG files in HCL Leap allows client-side script injection in deployed applications.
CVE-2024-30147 1 Hcltech 1 Hcl Leap 2025-11-17 6.5 Medium
Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications.
CVE-2024-30114 1 Hcltech 1 Hcl Leap 2025-11-17 3.7 Low
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment.
CVE-2024-30113 1 Hcltech 1 Hcl Leap 2025-11-17 6.3 Medium
Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget.
CVE-2023-37534 1 Hcltech 1 Hcl Leap 2025-11-17 7.1 High
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters.
CVE-2025-34278 1 Nagios 1 Network Analyzer 2025-11-17 5.4 Medium
Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a victim views the affected page the injected script executes in the victim's browser context.
CVE-2023-7323 1 Nagios 1 Log Server 2025-11-17 5.4 Medium
Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
CVE-2023-7321 1 Nagios 1 Log Server 2025-11-17 5.4 Medium
Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application origin.
CVE-2023-7319 1 Nagios 1 Network Analyzer 2025-11-17 5.4 Medium
Nagios Network Analyzer versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Percentile Calculator menu. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
CVE-2023-7312 1 Nagios 1 Fusion 2025-11-17 4.8 Medium
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add or modify SMTP/email settings or manipulate the sendmail configuration fields could persist a malicious payload that executes in the context of other users' browsers.
CVE-2023-53690 1 Nagios 1 Fusion 2025-11-17 4.8 Medium
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability in the LDAP/AD authentication-server configuration. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affected page. An attacker who can add authentication servers via LDAP/AD integration could persist a malicious payload that executes in the context of other users' browsers.
CVE-2023-53689 1 Nagios 1 Fusion 2025-11-17 4.8 Medium
Nagios Fusion versions prior to 4.2.0 contain a reflected cross-site scripting (XSS) vulnerability in the license key configuration flow that can result in execution of attacker-controlled script in the browser of a user who follows a crafted URL. While the application server itself is not directly corrupted by the reflected XSS, the resulting browser compromise can lead to credential/session theft and unauthorized administrative actions.
CVE-2020-36858 1 Nagios 1 Log Server 2025-11-17 5.4 Medium
Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via the web interface on the Create User, Edit User, and Manage Host Lists pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
CVE-2018-25119 1 Nagios 1 Fusion 2025-11-17 6.1 Medium
Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
CVE-2017-20209 1 Nagios 1 Fusion 2025-11-17 6.1 Medium
Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users and Servers pages. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
CVE-2016-15049 1 Nagios 1 Log Server 2025-11-17 5.4 Medium
Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashboards section when rendering log entries in the Logs table. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application origin.