Search Results (45610 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-30446 | 1 Crmperks | 1 Crm Perks Forms | 2025-02-07 | 6.5 Medium | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CRM Perks CRM Perks Forms allows Stored XSS. This issue affects CRM Perks Forms: from n/a through 1.1.4. |
| CVE-2024-41816 | 2 Boxystudio, Goratech | 2 Cooked, Cooked | 2025-02-07 | 5.4 Medium | Cooked is a recipe plugin for WordPress. The Cooked plugin for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the ‘[cooked-timer]’ shortcode in versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with subscriber-level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses a compromised page. This issue has been addressed in release version 1.8.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2022-3695 | 1 Hitachivantara | 1 Pentaho Business Analytics | 2025-02-07 | 6.5 Medium | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allows a malicious URL to inject content into a dashboard when the CDE plugin is present. |
| CVE-2023-50231 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-07 | 9.6 Critical | NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838. |
| CVE-2023-2014 | 1 Microweber | 1 Microweber | 2025-02-06 | 4.8 Medium | Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. |
| CVE-2023-2021 | 1 Teampass | 1 Teampass | 2025-02-06 | 5.4 Medium | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. |
| CVE-2023-29847 | 1 Aerocms Project | 1 Aerocms | 2025-02-06 | 5.4 Medium | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-26123 | 1 Raylib | 1 Raylib | 2025-02-06 | 6.1 Medium | Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via the emscripten_run_script function. **Note:** This vulnerability is present only when compiling raylib for PLATFORM_WEB. All the other Desktop/Mobile/Embedded platforms are not affected. |
| CVE-2022-43697 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | 6.1 Medium | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. |
| CVE-2018-17536 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 5.4 Medium | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. |
| CVE-2018-17454 | 1 Gitlab | 1 Gitlab | 2025-02-06 | 5.4 Medium | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen. |
| CVE-2023-47626 | 1 Combodo | 1 Itop | 2025-02-06 | 8.8 High | iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1. |
| CVE-2023-47622 | 1 Combodo | 1 Itop | 2025-02-06 | 8.8 High | iTop is an IT service management platform. When dashlets are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1. |
| CVE-2023-47123 | 1 Combodo | 1 Itop | 2025-02-06 | 8.7 High | iTop is an IT service management platform. By filling malicious code in an object friendlyname / complementary name, an XSS attack can be performed when this object is displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0. |
| CVE-2023-44396 | 1 Combodo | 1 Itop | 2025-02-06 | 6.8 Medium | iTop is an IT service management platform. Dashlet edit ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1. |
| CVE-2023-43790 | 1 Combodo | 1 Itop | 2025-02-06 | 5.7 Medium | iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0. |
| CVE-2022-28353 | 1 External Redirect Warning Project | 1 External Redirect Warning | 2025-02-06 | 6.1 Medium | In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS. |
| CVE-2023-29201 | 1 Xwiki | 1 Xwiki | 2025-02-06 | 9.1 Critical | XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>` tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version including the fix. |
| CVE-2023-29202 | 1 Xwiki | 1 Xwiki | 2025-02-06 | 9.1 Critical | XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1; the content of the feed is now properly cleaned before being displayed. As a workaround, if the RSS macro isn't used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki's version, in the web application's directory. |
| CVE-2022-37255 | 1 Tp-link | 2 Tapo C310, Tapo C310 Firmware | 2025-02-06 | 7.5 High | TP-Link Tapo C310 1.3.0 devices allow access to the RTSP video feed via credentials of User --- and Password TPL075526460603. |