Search Results (45596 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25152 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment. | ||||
| CVE-2023-37940 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field. | ||||
| CVE-2023-40191 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field. | ||||
| CVE-2023-47795 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field. | ||||
| CVE-2023-29791 | 1 Kodcloud | 1 Kodbox | 2025-01-28 | 6.1 Medium |
| kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | ||||
| CVE-2024-29913 | 1 Themeum | 1 Tutor Lms Elementor Addons | 2025-01-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Tutor LMS Elementor Addons allows Stored XSS. This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.3. | ||||
| CVE-2024-29911 | 1 Master-addons | 1 Master Addons | 2025-01-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Master Addons for Elementor allows Stored XSS. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. | ||||
| CVE-2023-2591 | 1 Teampass | 1 Teampass | 2025-01-28 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | ||||
| CVE-2023-30742 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2025-01-28 | 6.1 Medium |
| SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker. | ||||
| CVE-2023-31804 | 1 Chamilo | 1 Chamilo Lms | 2025-01-28 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | ||||
| CVE-2023-30743 | 1 Sap | 1 Sapui5 | 2025-01-28 | 7.1 High |
| Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack. | ||||
| CVE-2023-31406 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-01-28 | 6.1 Medium |
| Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2023-31407 | 1 Sap | 1 Business Planning And Consolidation | 2025-01-28 | 5.4 Medium |
| SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | ||||
| CVE-2024-29107 | 1 Webtechstreet | 1 Elementor Addon Elements | 2025-01-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.12.10. | ||||
| CVE-2023-31126 | 1 Xwiki | 1 Xwiki | 2025-01-28 | 9.1 Critical |
| `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix. | ||||
| CVE-2024-41174 | 1 Beckhoff | 3 Ipc Diagnostics, Ipc Diagnostics Package, Twincat/bsd | 2025-01-28 | 7.3 High |
| The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a low-privileged local attacker. | ||||
| CVE-2023-31816 | 1 Content Management System Project | 1 Content Management System | 2025-01-28 | 6.5 Medium |
| IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. | ||||
| CVE-2023-31779 | 1 Wekan Project | 1 Wekan | 2025-01-28 | 5.4 Medium |
| Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in the "Reaction to comment" feature. | ||||
| CVE-2023-30741 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-01-28 | 6.1 Medium |
| Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2023-31144 | 1 Craftcms | 1 Craft Cms | 2025-01-28 | 6.1 Medium |
| Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | ||||