Cross-site scripting vulnerabilities
Cross-site scripting executes attacker-controlled JavaScript in another user’s browser session. Stored XSS in admin interfaces is the dangerous variant tracked here: it turns a low-privilege foothold into admin session theft, and several appliance XSS bugs have been chained into full compromise in real attacks.
Classification is assigned by the CSIRTS enrichment pipeline from the advisory text. The list below shows the latest advisories tagged cross-site scripting, newest first, across national CERTs, vendor PSIRTs and vulnerability databases — exploited marks CVEs in the CISA KEV catalog.