Export limit exceeded: 45601 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45601 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29638 | 1 Winterchen | 1 My-site | 2025-01-30 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles. | ||||
| CVE-2023-29637 | 1 Qbian61 Forum-java Project | 1 Qbian61 Forum-java | 2025-01-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | ||||
| CVE-2023-26089 | 1 Echa.europa | 1 Iuclid | 2025-01-30 | 9.8 Critical |
| European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | ||||
| CVE-2022-43871 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2025-01-30 | 4.6 Medium |
| IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | ||||
| CVE-2023-22921 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-01-30 | 7.5 High |
| A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | ||||
| CVE-2023-2475 | 1 J2eefast | 1 J2eefast | 2025-01-30 | 3.5 Low |
| A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | ||||
| CVE-2023-30639 | 1 Archerirm | 1 Archer | 2025-01-30 | 7.1 High |
| Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release. | ||||
| CVE-2022-47877 | 1 Jedox | 1 Jedox | 2025-01-30 | 9.6 Critical |
| A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | ||||
| CVE-2023-1861 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2025-01-30 | 5.4 Medium |
| The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-1805 | 1 Pixelyoursite | 1 Product Catalog Feed | 2025-01-30 | 6.1 Medium |
| The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-1804 | 1 Pixelyoursite | 1 Product Catalog Feed | 2025-01-30 | 6.1 Medium |
| The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | ||||
| CVE-2023-1614 | 1 Wp Custom Author Url Project | 1 Wp Custom Author Url | 2025-01-30 | 4.8 Medium |
| The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-1554 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2025-01-30 | 4.8 Medium |
| The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1546 | 1 Plainviewplugins | 1 Mycryptocheckout | 2025-01-30 | 6.1 Medium |
| The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | ||||
| CVE-2023-1525 | 1 Geminilabs | 1 Site Reviews | 2025-01-30 | 4.8 Medium |
| The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-1090 | 1 Smtp Mailing Queue Project | 1 Smtp Mailing Queue | 2025-01-30 | 4.8 Medium |
| The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1021 | 1 Amr-ical-events-list Project | 1 Amr-ical-events-list | 2025-01-30 | 4.8 Medium |
| The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-0891 | 1 Codestag | 1 Stagtools | 2025-01-30 | 5.4 Medium |
| The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-1384 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2025-01-30 | 4.3 Medium |
| The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
| CVE-2024-9672 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur. | ||||