Search Results (45566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37298 | 1 Joplin Project | 1 Joplin | 2024-11-27 | 6.1 Medium |
| Joplin before 2.11.5 allows XSS via a USE element in an SVG document. | ||||
| CVE-2023-37299 | 1 Joplin Project | 1 Joplin | 2024-11-27 | 6.1 Medium |
| Joplin before 2.11.5 allows XSS via an AREA element of an image map. | ||||
| CVE-2023-49119 | 1 Weseek | 1 Growi | 2024-11-27 | 5.4 Medium |
| Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-28474 | 1 Concretecms | 1 Concrete Cms | 2024-11-27 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. | ||||
| CVE-2023-33785 | 1 Netbox | 1 Netbox | 2024-11-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33795 | 1 Netbox | 1 Netbox | 2024-11-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33661 | 1 Churchcrm | 1 Churchcrm | 2024-11-27 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. | ||||
| CVE-2023-34647 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-27 | 6.1 Medium |
| PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-34650 | 1 Small Crm Project | 1 Small Crm | 2024-11-27 | 6.1 Medium |
| PHPGurukul Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-34651 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-27 | 6.1 Medium |
| PHPGurukul Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-34652 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-27 | 6.1 Medium |
| PHPGurukul Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. | ||||
| CVE-2022-27665 | 1 Progress | 1 Ws Ftp Server | 2024-11-27 | 6.1 Medium |
| Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. | ||||
| CVE-2023-34831 | 1 Odysseycs | 1 Ithacalabs Turnitin Lti | 2024-11-27 | 5.4 Medium |
| The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks. | ||||
| CVE-2023-36484 | 1 Ilias | 1 Ilias | 2024-11-26 | 6.1 Medium |
| ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). | ||||
| CVE-2023-33335 | 1 Sophos | 1 Iview | 2024-11-26 | 6.1 Medium |
| Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. | ||||
| CVE-2023-42325 | 1 Netgate | 1 Pfsense | 2024-11-26 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | ||||
| CVE-2022-37139 | 1 Razormist | 1 Loan Management System | 2024-11-26 | 5.4 Medium |
| Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. | ||||
| CVE-2024-48415 | 2 Itsourcecode, Razormist | 2 Loan Management System, Loan Management System | 2024-11-26 | 4.6 Medium |
| itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page. | ||||
| CVE-2023-37256 | 1 Mediawiki | 1 Mediawiki | 2024-11-26 | 6.1 Medium |
| An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs. | ||||
| CVE-2023-33276 | 1 Gira | 2 Knx Ip Router, Knx Ip Router Firmware | 2024-11-26 | 6.1 Medium |
| The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). | ||||