Export limit exceeded: 43888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43888 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8668 | 1 E-kalite Software Hardware Engineering Design And Internet Services Industry And Trade Ltd. Co. | 1 Turboard | 2026-02-11 | 9.4 Critical |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard allows Reflected XSS.This issue affects Turboard: from 2025.07 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2344 | 1 Plunet | 1 Business Manager | 2026-02-11 | N/A |
| A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1 | ||||
| CVE-2018-25157 | 1 Phraseanet | 1 Phraseanet Dam Open Source | 2026-02-11 | 6.4 Medium |
| Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or redirecting users when the file is viewed. | ||||
| CVE-2019-25311 | 1 Kostasmitroglou | 1 Thesystem | 2026-02-11 | 6.4 Medium |
| thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2019-25315 | 2 Anttiviljami, Wordpress | 2 Wp Server Log Viewer, Wordpress | 2026-02-11 | 6.4 Medium |
| WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files with embedded XSS payloads that will execute when viewed in the WordPress admin interface. | ||||
| CVE-2019-25316 | 1 Goautodial | 1 Goautodial | 2026-02-11 | 6.4 Medium |
| GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2025-68643 | 1 Axigen | 2 Axigen Mail Server, Mail Server | 2026-02-11 | 5.4 Medium |
| Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack. In the first stage, a malicious JavaScript payload is injected into the timeFormat preference by exploiting a separate vulnerability or using compromised credentials. In the second stage, when the victim logs into the WebMail interface, the unsanitized timeFormat value is loaded from storage and inserted into the DOM, causing the injected script to execute. | ||||
| CVE-2025-70958 | 2 Intelliants, Subrion | 2 Subrion Cms, Cms | 2026-02-11 | 6.1 Medium |
| Multiple reflected cross-site scripting (XSS) vulnerabilities in the installation module of Subrion CMS v4.2.1 allows attackers to execute arbitrary Javascript in the context of the user's browser via injecting a crafted payload into the dbuser, dbpwd, and dbname parameters. | ||||
| CVE-2025-70959 | 1 Tendenci | 2 Cms, Tendenci | 2026-02-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Jobs module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
| CVE-2025-70960 | 1 Tendenci | 2 Cms, Tendenci | 2026-02-11 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | ||||
| CVE-2025-70545 | 1 Belden | 3 Ont 2k05x Router, Ppc 2k05x, Ppc 2k05x Firmware | 2026-02-11 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed. | ||||
| CVE-2021-47919 | 1 Simplephpscripts | 2 Simple Cms, Simple Cms Php | 2026-02-11 | 6.4 Medium |
| Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks. | ||||
| CVE-2021-47917 | 1 Simplephpscripts | 2 Simple Cms, Simple Cms Php | 2026-02-11 | 6.4 Medium |
| Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47914 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | 6.4 Medium |
| PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. | ||||
| CVE-2021-47913 | 1 Phpsugar | 1 Php Melody | 2026-02-11 | 6.4 Medium |
| PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2026-0946 | 2 Bordeaux-metropole, Drupal | 2 At Internet Smarttag, At Internet Smarttag | 2026-02-11 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet SmartTag: from 0.0.0 before 1.0.1. | ||||
| CVE-2026-0947 | 2 Bordeaux-metropole, Drupal | 2 At Internet Piano Analytics, At Internet Piano Analytics | 2026-02-11 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Internet Piano Analytics: from 0.0.0 before 1.0.1, from 2.0.0 before 2.3.1. | ||||
| CVE-2023-23408 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Ambari Spoofing Vulnerability | ||||
| CVE-2023-36881 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Ambari Spoofing Vulnerability | ||||
| CVE-2023-36877 | 1 Microsoft | 2 Azure Hdinsight, Azure Hdinsights | 2026-02-11 | 4.5 Medium |
| Azure Apache Oozie Spoofing Vulnerability | ||||