Search Results (45573 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33387 | 1 Datev | 1 Eg Personal-management System Comfort/comfort Plus | 2024-12-06 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link. | ||||
| CVE-2023-28800 | 1 Zscaler | 1 Client Connector | 2024-12-06 | 8.1 High |
| When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | ||||
| CVE-2024-1825 | 1 Codeastro | 1 House Rental Management System | 2024-12-06 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input `<img src="1" onerror="console.log(1)">` leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability. | ||||
| CVE-2023-34836 | 1 Escanav | 1 Escan Management Console | 2024-12-05 | 5.4 Medium |
| A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | ||||
| CVE-2023-34835 | 1 Escanav | 1 Escan Management Console | 2024-12-05 | 5.4 Medium |
| A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | ||||
| CVE-2023-34830 | 1 I-doit | 1 I-doit | 2024-12-05 | 5.4 Medium |
| i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. | ||||
| CVE-2023-36346 | 1 Codekop | 1 Codekop | 2024-12-05 | 6.1 Medium |
| POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. | ||||
| CVE-2024-6516 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2024-12-05 | 9 Critical |
| Cross Site Scripting vulnerabilities were found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | ||||
| CVE-2021-25828 | 1 Emby | 1 Emby | 2024-12-05 | 6.1 Medium |
| Emby Server versions < 4.6.0.50 are vulnerable to Cross Site Scripting (XSS) via a crafted GET request to /web. | ||||
| CVE-2022-40010 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2024-12-05 | 5.4 Medium |
| Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. | ||||
| CVE-2024-11995 | 2 Anisha, Code-projects | 2 Farmacia, Farmacia | 2024-12-05 | 3.5 Low |
| A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11996 | 2 Anisha, Code-projects | 2 Farmacia, Farmacia | 2024-12-05 | 3.5 Low |
| A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2024-11997 | 2 Anisha, Code-projects | 2 Farmacia, Farmacia | 2024-12-05 | 3.5 Low |
| A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-34464 | 1 Xwiki | 1 Xwiki | 2024-12-05 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions can be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax. | ||||
| CVE-2023-32607 | 1 Pleasanter | 1 Pleasanter | 2024-12-05 | 5.4 Medium |
| Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-36675 | 1 Mediawiki | 1 Mediawiki | 2024-12-05 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. | ||||
| CVE-2023-36666 | 1 Inex | 1 Ixp Manager | 2024-12-05 | 6.1 Medium |
| INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected. | ||||
| CVE-2020-18413 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-12-05 | 4.8 Medium |
| Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 allows attackers to execute arbitrary code. | ||||
| CVE-2020-18410 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-12-05 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 allows attackers to obtain administrator privileges. | ||||
| CVE-2024-2380 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 4.6 Medium |
| Stored XSS in graph rendering in Checkmk <2.3.0b4. | ||||