Export limit exceeded: 45577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3142 | 1 Microweber | 1 Microweber | 2025-01-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | ||||
| CVE-2023-33846 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Cics Tx and 2 more | 2025-01-06 | 5.4 Medium |
| IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 257100. | ||||
| CVE-2023-23481 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2025-01-06 | 6.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245889. | ||||
| CVE-2023-23480 | 2 Ibm, Linux | 2 Sterling Partner Engagement Manager, Linux Kernel | 2025-01-06 | 5.4 Medium |
| IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245885. | ||||
| CVE-2023-26465 | 1 Pega | 1 Pega Platform | 2025-01-06 | 6.1 Medium |
| Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | ||||
| CVE-2023-34856 | 1 Dlink | 2 Di-7500g-ci, Di-7500g-ci Firmware | 2025-01-06 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi. | ||||
| CVE-2024-13031 | 1 Antabot | 1 White-jotter | 2025-01-06 | 2.4 Low |
| A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13033 | 1 Code-projects | 1 Chat System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-33515 | 1 Softexpert | 1 Excellence Suite | 2025-01-06 | 5.4 Medium |
| SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. | ||||
| CVE-2023-29714 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via the username, password, and language cookies parameter. | ||||
| CVE-2023-29713 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory. | ||||
| CVE-2023-29712 | 1 Vadesecure | 1 Secure Gateway | 2025-01-06 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the X-Rewrite-URL parameter. | ||||
| CVE-2023-2121 | 2 Hashicorp, Redhat | 2 Vault, Openshift Data Foundation | 2025-01-06 | 4.3 Medium |
| Vault and Vault Enterprise's (Vault) key-value v2 (kv-v2) diff viewer allowed HTML injection into the Vault web UI through key values. This vulnerability, CVE-2023-2121, is fixed in Vault 1.14.0, 1.13.3, 1.12.7, and 1.11.11. | ||||
| CVE-2023-34245 | 1 Udecode | 1 Plate | 2025-01-06 | 8.1 High |
| @udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the `javascript:` scheme. As a result, links with JavaScript URLs can be inserted into the Plate editor through various means, including opening or pasting malicious content. `@udecode/plate-link` 20.0.0 resolves this issue by introducing an `allowedSchemes` option to the link plugin, defaulting to `['http', 'https', 'mailto', 'tel']`. URLs using a scheme that isn't in this list will not be rendered to the DOM. Users are advised to upgrade. Users unable to upgrade are advised to override the `LinkElement` and `PlateFloatingLink` components with implementations that explicitly check the URL scheme before rendering any anchor elements. | ||||
| CVE-2024-13034 | 1 Code-projects | 1 Chat System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-3191 | 1 Teampass | 1 Teampass | 2025-01-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2015-10118 | 1 Wp-copyprotect Project | 1 Wp-copyprotect | 2025-01-06 | 3.5 Low |
| A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-13075 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13076 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13077 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/add-property.php. The manipulation of the argument Land Subtype leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||