Search Results (45584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47662 | 1 Goldbroker | 1 Live Gold Price & Silver Price Charts Widgets | 2025-01-08 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 versions. | ||||
| CVE-2023-47710 | 1 Ibm | 1 Security Guardium | 2025-01-08 | 5.4 Medium |
| IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525. | ||||
| CVE-2023-34408 | 1 Dokuwiki | 1 Dokuwiki | 2025-01-08 | 5.4 Medium |
| DokuWiki before 2023-04-04a allows XSS via RSS titles. | ||||
| CVE-2023-33763 | 1 Simpleredak | 1 Simpleredak | 2025-01-08 | 6.1 Medium |
| eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. | ||||
| CVE-2023-33761 | 1 Simpleredak | 1 Simpleredak | 2025-01-08 | 6.1 Medium |
| eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. | ||||
| CVE-2023-33731 | 1 Escanav | 1 Escan Management Console | 2025-01-08 | 6.1 Medium |
| Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the URL directly. | ||||
| CVE-2023-33408 | 1 Minical | 1 Minical | 2025-01-08 | 5.4 Medium |
| Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file. | ||||
| CVE-2023-28705 | 1 Openfind | 1 Mail2000 | 2025-01-08 | 5.4 Medium |
| Openfind Mail2000 insufficiently filters special characters in email content in its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack. | ||||
| CVE-2023-3086 | 1 Teampass | 1 Teampass | 2025-01-08 | 9.0 Critical |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3067 | 1 Trilium Project | 1 Trilium | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. | ||||
| CVE-2023-3070 | 1 Corebos | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2023-3071 | 1 Tsolucio | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2023-3073 | 1 Corebos | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. | ||||
| CVE-2023-3074 | 1 Corebos | 1 Corebos | 2025-01-08 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. | ||||
| CVE-2022-46088 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-01-08 | 6.1 Medium |
| Online Flight Booking Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the feedback form. | ||||
| CVE-2024-41953 | 1 Zitadel | 1 Zitadel | 2025-01-08 | 4.3 Medium |
| Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker, without privileges, could send out altered notifications that are part of the registration processes. An attacker could create a malicious link, where the injected code would be rendered as part of the email. On the user's detail page, the username was also not sanitized and would also render HTML, giving an attacker the same vulnerability. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by most email clients and the Content Security Policy in Console UI. This vulnerability is fixed in 2.58.1, 2.57.1, 2.56.2, 2.55.5, 2.54.8, 2.53.9, and 2.52.3. | ||||
| CVE-2024-29891 | 1 Zitadel | 1 Zitadel | 2025-01-08 | 8.7 High |
| ZITADEL users can upload their own avatar image and various image types are allowed. Due to a missing check, an attacker could upload HTML and pretend it is an image to gain access to the victim's account in certain scenarios. A possible victim would need to directly open the supposed image in the browser, where a session in ZITADEL needs to be active for this exploit to work. The exploit could only be reproduced if the victim was using Firefox. Chrome, Safari as well as Edge did not execute the code. This vulnerability is fixed in 2.48.3, 2.47.8, 2.46.5, 2.45.5, 2.44.7, 2.43.11, and 2.42.17. | ||||
| CVE-2024-28855 | 1 Zitadel | 1 Zitadel | 2025-01-08 | 8.1 High |
| ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to an improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link, where he injected code which would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-3058 | 1 07fly | 1 Customer Relationship Management | 2025-01-08 | 3.5 Low |
| A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560. | ||||
| CVE-2023-3084 | 1 Teampass | 1 Teampass | 2025-01-08 | 8.1 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||