Export limit exceeded: 350381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39311 | 1 Publify | 2 Publify, Publify Core | 2025-04-14 | 5.4 Medium |
| Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attack could attempt to hide their payload by using HTML, or other encodings, as to not make it obvious to an administrator that this is a malicious link. A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. Version 10.0.1 of Publify and version 10.0.2 of the `publify_core` rubygem fix the issue. | ||||
| CVE-2024-33424 | 1 Cmsimple | 1 Cmsimple | 2025-04-14 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Downloads parameter under the Language section. | ||||
| CVE-2024-2837 | 1 Ninjateam | 1 Wp Chat App | 2025-04-14 | 5.4 Medium |
| The WP Chat App WordPress plugin before 3.6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | ||||
| CVE-2024-2439 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-14 | 4.8 Medium |
| The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-4242 | 1 Ljapps | 1 Wp Google Review Slider | 2025-04-14 | 4.8 Medium |
| The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-45425 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-14 | 7.5 High |
| Some Dahua software products have a vulnerability of using of hard-coded cryptographic key. An attacker can obtain the AES crypto key by exploiting this vulnerability. | ||||
| CVE-2024-32392 | 1 Cmsimple | 1 Cmsimple | 2025-04-14 | 4.5 Medium |
| Cross Site Scripting vulnerability in CmSimple v.5.15 allows a remote attacker to execute arbitrary code via the functions.php component. | ||||
| CVE-2024-32162 | 1 Cmseasy | 1 Cmseasy | 2025-04-14 | 4.3 Medium |
| CMSeasy 7.7.7.9 is vulnerable to Arbitrary file deletion. | ||||
| CVE-2024-2102 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-14 | 4.7 Medium |
| The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'sms_prefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Bookings' page and the malicious script is executed in the admin context. | ||||
| CVE-2024-2101 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-14 | 5.7 Medium |
| The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the malicious script is executed in the admin context. | ||||
| CVE-2023-40277 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2025-04-14 | 6.1 Medium |
| An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter. | ||||
| CVE-2023-49540 | 1 Oretnom23 | 1 Book Store Management System | 2025-04-14 | 6.1 Medium |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/history. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the history parameter. | ||||
| CVE-2023-49539 | 1 Oretnom23 | 1 Book Store Management System | 2025-04-14 | 6.1 Medium |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/category. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the category parameter. | ||||
| CVE-2014-3364 | 1 Cisco | 1 Prime Security Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Prime Security Manager (aka PRSM) 9.2.1-2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) Access Policies or (2) Device Summary Dashboard parameter, aka Bug ID CSCuq80661. | ||||
| CVE-2014-3949 | 2 Jo Hasenau, Typo3 | 2 Gridelements, Typo3 | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-7882 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | ||||
| CVE-2016-6634 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-3365 | 1 Cisco | 1 Prime Security Manager | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1) Dashboard or (2) Configure Realm page, aka Bug ID CSCuo94808. | ||||
| CVE-2014-3080 | 1 Ibm | 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to avctalert.php. | ||||
| CVE-2014-2333 | 1 Marcel Brinkkemper | 1 Lazyest-gallery | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information. | ||||