Search Results (45641 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1395 | 1 Yoga Class Registration System Project | 1 Yoga Class Registration System | 2025-02-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-43874 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2025-02-26 | 6.1 Medium |
| IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. | ||||
| CVE-2023-1429 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-29623 | 1 Purchase Order Management Project | 1 Purchase Order Management | 2025-02-26 | 6.1 Medium |
| Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. | ||||
| CVE-2023-28607 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | 6.1 Medium |
| js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. | ||||
| CVE-2023-1025 | 1 Simplefilelist | 1 Simple File List | 2025-02-26 | 4.8 Medium |
| The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-34791 | 1 Wpbean | 1 Wpb Elementor Addons | 2025-02-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS. This issue affects WPB Elementor Addons: from n/a through 1.0.9. | ||||
| CVE-2023-27059 | 1 Churchcrm | 1 Churchcrm | 2025-02-26 | 7.8 High |
| A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. | ||||
| CVE-2023-1496 | 1 Evilmartians | 1 Imgproxy | 2025-02-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. | ||||
| CVE-2023-1515 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1517 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 4.8 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1248 | 1 Otrs | 1 Otrs | 2025-02-26 | 6.1 Medium |
| Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS). This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2023-0320 | 1 University Information Management System Project | 1 University Information Management System | 2025-02-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS. This issue affects UBYS: before 23.03.16. | ||||
| CVE-2023-28083 | 2 Hp, Hpe | 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more | 2025-02-26 | 8.3 High |
| A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. | ||||
| CVE-2023-1500 | 1 Code-projects | 1 Simple Art Gallery | 2025-02-26 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. | ||||
| CVE-2023-28606 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | 6.1 Medium |
| js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | ||||
| CVE-2023-27711 | 1 Typecho | 1 Typecho | 2025-02-26 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. | ||||
| CVE-2023-24278 | 1 Squidex.io | 1 Squidex | 2025-02-26 | 6.1 Medium |
| Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-0370 | 1 Wpbean | 1 Wpb Advanced Faq | 2025-02-26 | 5.4 Medium |
| The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-22288 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-26 | 6.8 Medium |
| HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into emails. | ||||