Search Results (45638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13132 | 1 Emlog | 1 Emlog | 2025-02-25 | 3.5 Low |
| A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file /admin/article.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0175 | 1 Anisha | 1 Online Shop | 2025-02-25 | 3.5 Low |
| A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1024 | 1 Churchcrm | 1 Churchcrm | 2025-02-25 | 4.8 Medium |
| A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application. | ||||
| CVE-2023-28670 | 1 Jenkins | 1 Pipeline Aggregator View | 2025-02-25 | 5.4 Medium |
| Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. | ||||
| CVE-2023-28666 | 1 Pluginus | 1 Inpost Gallery | 2025-02-25 | 5.4 Medium |
| The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. | ||||
| CVE-2023-28664 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2025-02-25 | 5.4 Medium |
| The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. | ||||
| CVE-2023-28331 | 1 Moodle | 1 Moodle | 2025-02-25 | 6.1 Medium |
| Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | ||||
| CVE-2023-1535 | 1 Answer | 1 Answer | 2025-02-25 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | ||||
| CVE-2023-1572 | 1 Datagear | 1 Datagear | 2025-02-25 | 2 Low |
| A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564. | ||||
| CVE-2023-28932 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions. | ||||
| CVE-2023-22702 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions. | ||||
| CVE-2023-26010 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions. | ||||
| CVE-2025-0916 | 1 Yaycommerce | 1 Yaysmtp | 2025-02-25 | 7.2 High |
| The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function. | ||||
| CVE-2023-28678 | 1 Jenkins | 1 Cppcheck | 2025-02-25 | 5.4 Medium |
| Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents. | ||||
| CVE-2023-28669 | 1 Jenkins | 1 Jacoco | 2025-02-25 | 5.4 Medium |
| Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. | ||||
| CVE-2022-22512 | 1 Varta | 16 Element Backup, Element Backup Firmware, Element S1 and 13 more | 2025-02-25 | 9.8 Critical |
| Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | ||||
| CVE-2023-28665 | 1 Technocrackers | 1 Bulk Price Update For Woocommerce | 2025-02-25 | 5.4 Medium |
| The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user. | ||||
| CVE-2023-26283 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-02-25 | 5.4 Medium |
| IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | ||||
| CVE-2024-28989 | 1 Solarwinds | 1 Web Help Desk | 2025-02-25 | 5.5 Medium |
| SolarWinds Web Help Desk was found to have a hardcoded cryptographic key that could allow the disclosure of sensitive information from the software. | ||||
| CVE-2025-23110 | 1 Vanderbilt | 1 Redcap | 2025-02-25 | 6.1 Medium |
| An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload. | ||||