macOS and iOS have an ImageIO heap corruption issue when processing malformed PVR images.

launchd on macOS and iOS suffer from a memory corruption issue due to a lack of bounds checking when parsing XPC messages.

A remote iOS / macOS heap corruption issue exists due to insufficient bounds checking in AWDL.

SuperBackup version 2.0.5 for iOS suffers from a persistent cross site scripting vulnerability.

AirDisk Pro version 5.5.3 for iOS suffers from multiple persistent cross site scripting vulnerabilities.

Folder Lock version 3.4.5 for iOS suffers from multiple cross site scripting vulnerabilities.

Sky File version 2.1.0 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

Ac4p.com Gallery version 1.0 suffers from cross site scripting, phpinfo disclosure, shell upload, and insecure cookie handling vulnerabilities.

P5 FNIP-8x16A / FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from cross site request forgery and cross site scripting vulnerabilities.

An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions.

PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.

Neowise CarbonFTP version 1.4 suffers from an insecure proprietary password encryption implementation. Second version of this exploit that is updated to work with Python 3.

CentOS-WebPanel.com Control Web Panel (CWP) version 0.9.8.846 suffers from a reflective cross site scripting vulnerability.

CentOS version 7.6.1810 with Control Web Panel version 0.9.8.837 suffers from a persistent cross site scripting vulnerability.

User Management System version 2.0 suffers from a persistent cross site scripting vulnerability.

Complaint Management System version 4.2 suffers from a persistent cross site scripting vulnerability.

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

Open-AudIT version 3.3.0 suffers from a cross site scripting vulnerability.

Geeklog version 2.2.1 suffers from a cross site scripting vulnerability.

POS PHP version 17.5 suffers from a persistent cross site scripting vulnerability.

Easy Transfer version 1.7 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

ChemInv version 1 suffers from a persistent cross site scripting vulnerability.

Online Scheduling System version 1.0 suffers from a persistent cross site scripting vulnerability.

PHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.

osTicket version 1.14.1 suffers from a persistent cross site scripting vulnerability.

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.

Online Clothing Store version 1.0 suffers from a persistent cross site scripting vulnerability.

Sentrifugo CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

iChat version 1.6 suffers from a cross site scripting vulnerability.

OpenZ ERP version 3.6.60 suffers from a persistent cross site scripting vulnerability.

Draytek VigorAP suffers from a persistent cross site scripting vulnerability. Multiple different versions are affected.

Tiny MySQL suffers from a cross site scripting vulnerability.

WebTareas version 2.0p8 suffers from a cross site scripting vulnerability.

WordPress Dosimple theme version 2.0 suffers from a cross site scripting vulnerability.

Grub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.

CHIYU BF430 TCP IP Converter suffers from a persistent cross site scripting vulnerability.

This whitepaper goes into detail on design and implementation details for performing voice encryption on telephone networks. Written in Spanish.

Juniper Secure Access suffers from a cross site scripting vulnerability. SA Appliances running Juniper IVE OS 6.0 or higher are affected.

This is a list of older cross site scripting and bypass vulnerabilities associated with older Juniper IVE releases.

Juniper Secure Access software suffers from a reflective cross site scripting vulnerability.

Juniper JunOS version 9.x suffers from a html injection vulnerability that allows for cross site scripting attacks.

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.

The ShortComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of "dataOffsets[]" boundary checks when the "numDataElements" field is 0. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.