#xss

PHP MaXiMuS version 2.5.2 suffers from a cross site scripting vulnerability.

NUKE SENTINEL version 2.5.2 suffers from a cross site scripting vulnerability.

eDesign CMS version 2.0 suffers from an insecure direct object reference vulnerability.

Xhibiter NFT Marketplace version 1.10.2 suffers from a cross site scripting vulnerability.

Candy Redis version 2.1.2 appears to suffer from an administrative page disclosure issue.

Agop CMS version 1.0 suffers from an insecure direct object reference vulnerability.

In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitization performed by the clean_string function. The vulnerability arises from the way the clean_string function handles HTML sanitization.

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.