Show filters
5 Total Results
Displaying 1-5 of 5
Sort by:
Attacker Value
Unknown

CVE-2025-27325

Disclosure Date: February 24, 2025 (last updated February 25, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Video.js HLS Player allows DOM-Based XSS. This issue affects Video.js HLS Player: from n/a through 1.0.2.
0
0
Attacker Value
Unknown

CVE-2025-22267

Disclosure Date: January 21, 2025 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bruce Wampler Weaver Themes Shortcode Compatibility allows Stored XSS. This issue affects Weaver Themes Shortcode Compatibility: from n/a through 1.0.4.
0
0
Attacker Value
Unknown

CVE-2024-44796

Disclosure Date: August 26, 2024 (last updated February 26, 2025)
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-44794

Disclosure Date: August 26, 2024 (last updated February 26, 2025)
A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the error_description parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2007-3202

Disclosure Date: June 12, 2007 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document.
0
0