CWE-79

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter.

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.

PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.

PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php.

PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.

Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.

PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.

PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.

PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.

Bus Booking Script has XSS via the results.php datepicker parameter or the admin/new_master.php spemail parameter.

The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent Cross Site Scripting via tags-* array parameters in an admin.php?page=batch_manager&mode=unit request. An attacker can exploit this to hijack a client's browser along with the data stored in it.

Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter or the admin/userview.php uid parameter.

Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.

Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users…

Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a…

An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. There is XSS in the administration interface.

WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search

Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.