Search Results (45672 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0289 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | ||||
| CVE-2023-0308 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0309 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0310 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0312 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0313 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0314 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-07 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.10. | ||||
| CVE-2023-0323 | 1 Pimcore | 1 Pimcore | 2025-04-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.14. | ||||
| CVE-2024-51773 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-07 | 4.8 Medium |
| A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session. | ||||
| CVE-2024-0902 | 1 Radykal | 1 Fancy Product Designer | 2025-04-07 | 4.3 Medium |
| The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-53457 | 1 Librenms | 1 Librenms | 2025-04-07 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter. | ||||
| CVE-2025-28254 | 1 Leantime | 1 Leantime | 2025-04-07 | 5.4 Medium |
| Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions(). | ||||
| CVE-2024-32326 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-04-07 | 6.8 Medium |
| TOTOLINK EX200 V4.0.3c.7646_B20201211 contains a Cross-site scripting (XSS) vulnerability through the key parameter in the setWiFiExtenderConfig function. | ||||
| CVE-2024-26495 | 1 Friendica | 1 Friendica | 2025-04-07 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Friendica versions after v.2023.12 allows a remote attacker to execute arbitrary code and obtain sensitive information via the BBCode tags in the post content and post comments function. | ||||
| CVE-2023-29839 | 1 Digitaldruid | 1 Hoteldruid | 2025-04-07 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | ||||
| CVE-2025-28094 | 1 Shopxo | 1 Shopxo | 2025-04-07 | 6.5 Medium |
| shopxo v6.4.0 has an SSRF/XSS vulnerability in multiple places. | ||||
| CVE-2025-28097 | 1 Onenav | 1 Onenav | 2025-04-07 | 5.5 Medium |
| OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers. | ||||
| CVE-2022-47373 | 1 Pandorafms | 1 Pandora Fms | 2025-04-04 | 6.4 Medium |
| Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises in the forget password functionality, in which the username parameter does not receive proper input validation/sanitization, resulting in execution of a malicious JavaScript payload. | ||||
| CVE-2022-40704 | 1 Phoronix-media | 1 Phoronix Test Suite | 2025-04-04 | 6.1 Medium |
| An XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite. | ||||
| CVE-2024-51994 | 1 Combodo | 1 Itop | 2025-04-04 | 7.1 High |
| Combodo iTop is a web based IT Service Management tool. In affected versions, uploading a text file containing some JavaScript in the portal will trigger a Cross-site Scripting (XSS) vulnerability. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||