Search Results (45640 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0435 | 1 Mintplexlabs | 1 Anythingllm | 2025-02-25 | 5.4 Medium |
| User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS. Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance. | ||||
| CVE-2024-13135 | 1 Emlog | 1 Emlog | 2025-02-25 | 3.5 Low |
| A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13132 | 1 Emlog | 1 Emlog | 2025-02-25 | 3.5 Low |
| A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file /admin/article.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0175 | 1 Anisha | 1 Online Shop | 2025-02-25 | 3.5 Low |
| A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1024 | 1 Churchcrm | 1 Churchcrm | 2025-02-25 | 4.8 Medium |
| A vulnerability exists in ChurchCRM 5.13.0 that allows an attacker to execute arbitrary JavaScript in a victim's browser via Reflected Cross-Site Scripting (XSS) in the EditEventAttendees.php page. This requires Administration privileges and affects the EID parameter. The flaw allows an attacker to steal session cookies, perform actions on behalf of an authenticated user, and gain unauthorized access to the application. | ||||
| CVE-2023-28670 | 1 Jenkins | 1 Pipeline Aggregator View | 2025-02-25 | 5.4 Medium |
| Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. | ||||
| CVE-2023-28666 | 1 Pluginus | 1 Inpost Gallery | 2025-02-25 | 5.4 Medium |
| The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. | ||||
| CVE-2023-28664 | 1 Pluginus | 1 Wordpress Meta Data And Taxonomies Filter | 2025-02-25 | 5.4 Medium |
| The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. | ||||
| CVE-2023-28331 | 1 Moodle | 1 Moodle | 2025-02-25 | 6.1 Medium |
| Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | ||||
| CVE-2023-1535 | 1 Answer | 1 Answer | 2025-02-25 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | ||||
| CVE-2023-1572 | 1 Datagear | 1 Datagear | 2025-02-25 | 2 Low |
| A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564. | ||||
| CVE-2023-26010 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions. | ||||
| CVE-2023-28932 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions. | ||||
| CVE-2023-22702 | 1 Amauri | 1 Wpmobile.app | 2025-02-25 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions. | ||||
| CVE-2025-0916 | 1 Yaycommerce | 1 Yaysmtp | 2025-02-25 | 7.2 High |
| The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function. | ||||
| CVE-2023-28678 | 1 Jenkins | 1 Cppcheck | 2025-02-25 | 5.4 Medium |
| Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents. | ||||
| CVE-2023-28669 | 1 Jenkins | 1 Jacoco | 2025-02-25 | 5.4 Medium |
| Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action. | ||||
| CVE-2022-22512 | 1 Varta | 16 Element Backup, Element Backup Firmware, Element S1 and 13 more | 2025-02-25 | 9.8 Critical |
| Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | ||||
| CVE-2023-28665 | 1 Technocrackers | 1 Bulk Price Update For Woocommerce | 2025-02-25 | 5.4 Medium |
| The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user. | ||||
| CVE-2023-26283 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-02-25 | 5.4 Medium |
| IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. | ||||