Export limit exceeded: 45566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37251 | 1 Mediawiki | 1 Mediawiki | 2024-11-26 | 6.1 Medium |
| An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. | ||||
| CVE-2023-37255 | 1 Mediawiki | 1 Mediawiki | 2024-11-26 | 6.1 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header. | ||||
| CVE-2023-49215 | 1 Usedesk | 1 Usedesk | 2024-11-26 | 6.1 Medium |
| Usedesk before 1.7.57 allows filter reflected XSS. | ||||
| CVE-2023-48880 | 1 Eyoucms | 1 Eyoucms | 2024-11-26 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn. | ||||
| CVE-2023-36471 | 1 Xwiki | 1 Commons | 2024-11-26 | 9.1 Critical |
| Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add an input like `{{html}}<input type="hidden" name="content" value="{{groovy}}println("Hello from Groovy!")" />{{/html}}` that would allow remote code execution when it is submitted by an admin (the sheet is rendered as part of the edit form). The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. This has been patched in XWiki 14.10.6 and 15.2RC1 by removing the central form-related tags from the list of allowed tags. Users are advised to upgrade. As a workaround an admin can manually disallow the tags by adding `form, input, select, textarea, button` to the configuration option `xml.htmlElementSanitizer.forbidTags` in the `xwiki.properties` configuration file. | ||||
| CVE-2023-34486 | 1 Online Hotel Management System Project | 1 Online Hotel Management System | 2024-11-26 | 6.1 Medium |
| itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box. | ||||
| CVE-2023-49490 | 1 Xunruicms | 1 Xunruicms | 2024-11-26 | 6.1 Medium |
| XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. | ||||
| CVE-2023-36647 | 1 Prolion | 1 Cryptospike | 2024-11-26 | 7.5 High |
| A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | ||||
| CVE-2023-34599 | 1 Gibbonedu | 1 Gibbon | 2024-11-26 | 6.1 Medium |
| Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. | ||||
| CVE-2023-34648 | 1 User Registration \& Login And User Management System With Admin Panel Project | 1 User Registration \& Login And User Management System With Admin Panel | 2024-11-26 | 6.1 Medium |
| A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. | ||||
| CVE-2024-9768 | 1 Strategy11 | 1 Formidable Forms | 2024-11-26 | 4.8 Medium |
| The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-46499 | 1 Evershop | 1 Evershop | 2024-11-26 | 6.1 Medium |
| Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. | ||||
| CVE-2023-37302 | 1 Mediawiki | 1 Mediawiki | 2024-11-26 | 6.1 Medium |
| An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). | ||||
| CVE-2023-37304 | 1 Mediawiki | 1 Mediawiki | 2024-11-26 | 5.4 Medium |
| An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. | ||||
| CVE-2024-35675 | 1 Advanced-woo-labels | 1 Advanced Woo Labels | 2024-11-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels allows Cross-Site Scripting (XSS).This issue affects Advanced Woo Labels: from n/a through 1.93. | ||||
| CVE-2024-20387 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2024-11-26 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco FMC Software could allow an authenticated, remote attacker to store malicious content for use in XSS attacks. This vulnerability is due to improper input sanitization in the web-based management interface of Cisco FMC Software. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to conduct a stored XSS attack on an affected device. | ||||
| CVE-2024-20410 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2024-11-26 | 5.4 Medium |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. | ||||
| CVE-2023-20041 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 4.8 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | ||||
| CVE-2024-20403 | 1 Cisco | 2 Firepower Management Center, Secure Firewall Management Center | 2024-11-26 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. | ||||
| CVE-2023-20005 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 4.8 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | ||||