Search Results (45652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36401 | 1 Moodle | 1 Moodle | 2025-03-07 | 4.8 Medium |
| In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | ||||
| CVE-2023-26608 | 1 Vxcontrol | 1 Soldr | 2025-03-07 | 5.4 Medium |
| SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. | ||||
| CVE-2024-45292 | 1 Phpoffice | 1 Phpspreadsheet | 2025-03-07 | 5.4 Medium |
| PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. `\PhpOffice\PhpSpreadsheet\Writer\Html` does not sanitize "javascript:" URLs from hyperlink `href` attributes, resulting in a Cross-Site Scripting vulnerability. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2021-36713 | 1 Sprymedia | 1 Datatables | 2025-03-07 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012. | ||||
| CVE-2023-1147 | 1 Flatpress | 1 Flatpress | 2025-03-07 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | ||||
| CVE-2023-50307 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273338. | ||||
| CVE-2023-45186 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 4.8 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 268691. | ||||
| CVE-2024-22357 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-07 | 5.4 Medium |
| IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280894. | ||||
| CVE-2023-47714 | 1 Ibm | 1 Sterling File Gateway | 2025-03-07 | 4.8 Medium |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.9, 6.1.0.0 through 6.1.2.3, and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271531. | ||||
| CVE-2025-0475 | 1 Gitlab | 1 Gitlab | 2025-03-07 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances. | ||||
| CVE-2022-44875 | 1 Kioware | 1 Kioware | 2025-03-06 | 5.4 Medium |
| KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. | ||||
| CVE-2023-1197 | 1 Uvdesk | 1 Community-skeleton | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | ||||
| CVE-2023-1131 | 1 Computer Parts Sales And Inventory System Project | 1 Computer Parts Sales And Inventory System | 2025-03-06 | 3.5 Low |
| A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability. | ||||
| CVE-2021-20553 | 1 Ibm | 1 Sterling B2b Integrator | 2025-03-06 | 5.4 Medium |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-1212 | 1 Phpipam | 1 Phpipam | 2025-03-06 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. | ||||
| CVE-2023-26954 | 1 Onekeyadmin Project | 1 Onekeyadmin | 2025-03-06 | 5.4 Medium |
| onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. | ||||
| CVE-2022-42248 | 1 Qlik | 1 Qlikview | 2025-03-06 | 5.4 Medium |
| QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. | ||||
| CVE-2023-1241 | 1 Answer | 1 Answer | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-25807 | 1 Dataease | 1 Dataease | 2025-03-06 | 7.2 High |
| DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses the dashboard. The vulnerability has been fixed in version 1.18.3. | ||||
| CVE-2023-1181 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2025-03-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | ||||