Export limit exceeded: 347343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45654 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45654 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39126 | 1 Roundup-tracker | 1 Roundup | 2025-03-13 | 5.4 Medium |
| Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | ||||
| CVE-2024-37878 | 1 Twcms | 1 Twcms | 2025-03-13 | 6.1 Medium |
| Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources | ||||
| CVE-2024-24507 | 1 Act-on | 1 Act-on | 2025-03-13 | 4.6 Medium |
| Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component. | ||||
| CVE-2024-39203 | 1 Zblogcn | 1 Z-blogphp | 2025-03-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-0428 | 1 Kibokolabs | 1 Watu Quiz | 2025-03-12 | 7.5 High |
| The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2023-22868 | 3 Ibm, Linux, Microsoft | 3 Aspera Faspex, Linux Kernel, Windows | 2025-03-12 | 5.4 Medium |
| IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117. | ||||
| CVE-2022-43579 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2025-03-12 | 4.6 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. | ||||
| CVE-2022-4007 | 1 Gitlab | 1 Gitlab | 2025-03-12 | 5.4 Medium |
| A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. | ||||
| CVE-2023-0934 | 1 Answer | 1 Answer | 2025-03-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. | ||||
| CVE-2024-56357 | 1 Getgrist | 1 Grist-core | 2025-03-12 | 8.1 High |
| grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1. Users are advised to upgrade. Users unable to upgrade should avoid visiting documents or forms prepared by people they do not trust. | ||||
| CVE-2024-56358 | 1 Getgrist | 1 Grist-core | 2025-03-12 | 8.1 High |
| grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid previewing attachments in documents prepared by people they do not trust. | ||||
| CVE-2024-56359 | 1 Getgrist | 1 Grist-core | 2025-03-12 | 8.1 High |
| grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid clicking on HyperLink cell links using a control modifier in documents prepared by people they do not trust. | ||||
| CVE-2025-2084 | 1 Phpgurukul | 1 Human Metapneumovirus | 2025-03-12 | 3.5 Low |
| A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-0231 | 1 Hasthemes | 1 Shoplentor | 2025-03-12 | 5.4 Medium |
| The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-26214 | 1 Tibco | 1 Businessconnect | 2025-03-12 | 7.3 High |
| The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | ||||
| CVE-2023-22427 | 1 Ss-proj | 1 Shirasagi | 2025-03-12 | 4.8 Medium |
| Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | ||||
| CVE-2023-22425 | 1 Ss-proj | 1 Shirasagi | 2025-03-12 | 5.4 Medium |
| Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-0419 | 1 Smg-webdesign | 1 Shortcode For Font Awesome | 2025-03-12 | 5.4 Medium |
| The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0285 | 1 Devowl | 1 Real Media Library | 2025-03-12 | 5.4 Medium |
| The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-4777 | 1 Bootstrap Shortcodes Project | 1 Bootstrap Shortcodes | 2025-03-12 | 5.4 Medium |
| The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | ||||