stored xss vulnerabilities and exploits

4.3
CVSSv2
CVE-2017-15574

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment....

3.5
CVSSv2
CVE-2018-15880

An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack....

3.5
CVSSv2
CVE-2017-3128

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter....

3.5
CVSSv2
CVE-2016-7463

Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM....

4.3
CVSSv2
CVE-2014-4871

Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter....

3.5
CVSSv2
CVE-2016-5398

Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes....

4.3
CVSSv2
CVE-2018-11522

Yosoro 1.0.4 has stored XSS....

Yosoro ProjectYosoro
4.3
CVSSv2
CVE-2012-5956

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine AssetExplorer 5.6 before service pack 5614 allow remote attackers to inject arbitrary web script or HTML via fields in XML asset data to discoveryServlet/WsDiscoveryServlet, as demonstrated by the...

4.3
CVSSv2
CVE-2015-7518

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit...

7.5
CVSSv2
CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include...