Search Results (45921 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7762 | 1 Apple | 1 Iphone Os | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. | ||||
| CVE-2016-7839 | 1 Olive Design | 1 Olive Blog | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2016-5682 | 1 Smartbear | 1 Swagger-ui | 2025-04-20 | 6.1 Medium |
| Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | ||||
| CVE-2016-7823 | 1 Buffalotech | 2 Wnc01wh, Wnc01wh Firmware | 2025-04-20 | N/A |
| Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-1000149 | 1 Mahara | 1 Mahara | 2025-04-20 | N/A |
| Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()) | ||||
| CVE-2017-11182 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2025-04-20 | N/A |
| In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable. | ||||
| CVE-2016-6519 | 2 Openstack, Redhat | 2 Manila, Openstack | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | ||||
| CVE-2017-1000160 | 1 Expressionengine | 1 Expressionengine | 2025-04-20 | N/A |
| EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | ||||
| CVE-2017-1000164 | 1 Tine20 | 1 Tine 2.0 | 2025-04-20 | N/A |
| Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation. | ||||
| CVE-2017-1000193 | 1 Octobercms | 1 October | 2025-04-20 | N/A |
| October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in brand logo image name resulting in JavaScript code execution in the victim's browser. | ||||
| CVE-2024-31828 | 1 Lavalite | 1 Lavalite | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. | ||||
| CVE-2024-31741 | 2 1234n, Minicms Project | 2 Minicms, Minicms | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. | ||||
| CVE-2024-2603 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-18 | 6.3 Medium |
| The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-31609 | 2 Bosscms, Code-projects | 2 Bosscms, Simple School Management System | 2025-04-18 | 7.1 High |
| Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | ||||
| CVE-2024-55342 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-18 | 4.7 Medium |
| A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability. | ||||
| CVE-2020-22540 | 1 Codologic | 1 Codoforum | 2025-04-18 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component. | ||||
| CVE-2024-4061 | 1 Ays-pro | 1 Survey Maker | 2025-04-18 | 4.8 Medium |
| The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-38653 | 1 Hcltech | 1 Digital Experience | 2025-04-18 | 2 Low |
| In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded. | ||||
| CVE-2024-51055 | 1 Hoosk | 1 Hoosk | 2025-04-18 | 6.5 Medium |
| An issue in Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. | ||||
| CVE-2023-46950 | 1 Contribsys | 1 Sidekiq | 2025-04-18 | 6.1 Medium |
| Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions. | ||||