Search Results (45655 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37675 | 1 Tessi | 1 Docubase | 2025-03-18 | 5.4 Medium |
| Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the parameter "sectionContent" related to the functionality of adding notes to an uploaded file. | ||||
| CVE-2023-6123 | 1 Opentext | 1 Alm Octane | 2025-03-18 | 7.5 High |
| Improper Neutralization vulnerability affects OpenText ALM Octane version 16.2.100 and above. The vulnerability could result in a remote code execution attack. | ||||
| CVE-2022-38220 | 1 Quest | 1 Kace Systems Management Appliance | 2025-03-18 | 6.1 Medium |
| An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. | ||||
| CVE-2023-0840 | 1 Phpcrazy Project | 1 Phpcrazy | 2025-03-18 | 3.5 Low |
| A vulnerability classified as problematic was found in PHPCrazy 1.1.1. This vulnerability affects unknown code of the file admin/admin.php?action=users&mode=info&user=2. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221086 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-34091 | 1 Archerirm | 1 Archer | 2025-03-18 | 7.3 High |
| An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release. | ||||
| CVE-2024-5529 | 2 Holoborodko, Pavel Holoborodko | 2 Wp Quicklatex, Wp Quicklatex | 2025-03-18 | 4.8 Medium |
| The WP QuickLaTeX WordPress plugin before 3.8.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-45180 | 1 Squaredup | 1 Squaredup Ds For Scom | 2025-03-18 | 5.4 Medium |
| SquaredUp DS for SCOM 6.2.1.11104 allows XSS. | ||||
| CVE-2024-23786 | 1 Sharp | 4 Jh-rv11, Jh-rv11 Firmware, Jh-rvb1 and 1 more | 2025-03-18 | 9.3 Critical |
| Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product. | ||||
| CVE-2024-27183 | 1 Dj-extensions | 1 Dj-helpfularticles | 2025-03-18 | 6.1 Medium |
| XSS vulnerability in DJ-HelpfulArticles component for Joomla. | ||||
| CVE-2024-37624 | 1 Rockoa | 1 Xinhu | 2025-03-17 | 6.1 Medium |
| Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php component. | ||||
| CVE-2024-43112 | 1 Mozilla | 1 Firefox | 2025-03-17 | 6.1 Medium |
| Long pressing on a download link could potentially provide a means for cross-site scripting. This vulnerability affects Firefox for iOS < 129. | ||||
| CVE-2024-25895 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php. | ||||
| CVE-2023-35859 | 1 Moderncampus | 1 Omni Cms | 2025-03-17 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability in the blog function of Modern Campus - Omni CMS 2023.1 allows a remote attacker to inject arbitrary scripts or HTML via multiple parameters. | ||||
| CVE-2023-26235 | 1 Jd-gui Project | 1 Jd-gui | 2025-03-17 | 6.1 Medium |
| JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. | ||||
| CVE-2022-40348 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-17 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. | ||||
| CVE-2024-2630 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-17 | 6.5 Medium |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2022-1153 | 1 Kreaturamedia | 1 Layerslider | 2025-03-17 | 4.8 Medium |
| The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various places, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | ||||
| CVE-2024-42638 | 1 H3c | 2 Magic B1st, Magic B1st Firmware | 2025-03-17 | 9.8 Critical |
| H3C Magic B1ST v100R012 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2024-38454 | 1 Expressionengine | 1 Expressionengine | 2025-03-17 | 6.1 Medium |
| ExpressionEngine before 7.4.11 allows XSS. | ||||
| CVE-2024-25226 | 1 Code-projects | 1 Simple Admin Panel | 2025-03-14 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function. | ||||