stored xss vulnerabilities and exploits

4.3
CVSSv2
CVE-2017-15574

In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment....

4.3
CVSSv2
CVE-2012-4384

letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar...

TrilexnetLetodmsDebianDebian Linux
3.5
CVSSv2
CVE-2018-15880

An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack....

3.5
CVSSv2
CVE-2017-3128

A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS allows attackers to execute unauthorized code or commands via the policy global-label parameter....

4.3
CVSSv2
CVE-2015-7518

Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit...

4.3
CVSSv2
CVE-2018-11522

Yosoro 1.0.4 has stored XSS....

Yosoro ProjectYosoro
4.3
CVSSv2
CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)...

4.3
CVSSv2
CVE-2018-17596

In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter....

3.5
CVSSv2
CVE-2018-1000095

oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. This vulnerability appears to have been fixed in version 4.2.3....

3.5
CVSSv2
CVE-2019-16704

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS....