Export limit exceeded: 347283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 13718 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45652 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25823 | 1 Gradio Project | 1 Gradio | 2025-03-10 | 5.4 Medium |
| Gradio is an open-source Python library to build machine learning and data science demos and web applications. Versions prior to 3.13.1 contain Use of Hard-coded Credentials. When using Gradio's share links (i.e. creating a Gradio app and then setting `share=True`), a private SSH key is sent to any user that connects to the Gradio machine, which means that a user could access other users' shared Gradio demos. From there, other exploits are possible depending on the level of access/exposure the Gradio app provides. This issue is patched in version 3.13.1, however, users are recommended to update to 3.19.1 or later where the FRP solution has been properly tested. | ||||
| CVE-2023-25825 | 1 Zoneminder | 1 Zoneminder | 2025-03-10 | 7.7 High |
| ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33. | ||||
| CVE-2023-1067 | 1 Pimcore | 1 Pimcore | 2025-03-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. | ||||
| CVE-2023-0043 | 1 Add User Project | 1 Add User | 2025-03-10 | 6.1 Medium |
| The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2024-27774 | 1 Unitronics | 1 Unilogic | 2025-03-10 | 7.5 High |
| Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware | ||||
| CVE-2023-0548 | 1 Kibokolabs | 1 Namaste\! Lms | 2025-03-10 | 4.8 Medium |
| The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-26042 | 1 Part-db Project | 1 Part-db | 2025-03-10 | 6.1 Medium |
| Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds, please upgrade to Pat-DB 1.0.2 or later. | ||||
| CVE-2023-22860 | 1 Ibm | 1 Cloud Pak For Business Automation | 2025-03-10 | 5.4 Medium |
| IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. | ||||
| CVE-2023-22438 | 1 Ec-cube | 1 Ec-cube | 2025-03-07 | 5.4 Medium |
| Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-1148 | 1 Flatpress | 1 Flatpress | 2025-03-07 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-1146 | 1 Flatpress | 1 Flatpress | 2025-03-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-1107 | 1 Flatpress | 1 Flatpress | 2025-03-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-1106 | 1 Flatpress | 1 Flatpress | 2025-03-07 | 6.1 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-22778 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2025-03-07 | 4.8 Medium |
| A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2022-4901 | 1 Sophos | 1 Connect | 2025-03-07 | 3.3 Low |
| Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. | ||||
| CVE-2024-38317 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 4.8 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-38318 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 4.8 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2024-56472 | 1 Ibm | 1 Aspera Shares | 2025-03-07 | 6.4 Medium |
| IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-38333 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-03-07 | 6.1 Medium |
| Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in. | ||||
| CVE-2021-36399 | 1 Moodle | 1 Moodle | 2025-03-07 | 5.4 Medium |
| In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | ||||