Export limit exceeded: 335308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43896 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43896 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-50376 | 1 Advantech | 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more | 2026-01-23 | 7.3 High |
| A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID. | ||||
| CVE-2024-50377 | 1 Advantech | 6 Eki-6333ac-1gpo, Eki-6333ac-1gpo Firmware, Eki-6333ac-2g and 3 more | 2026-01-23 | 6.5 Medium |
| A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password. | ||||
| CVE-2026-23769 | 1 Naver | 1 Lucy-xss-filter | 2026-01-23 | 6.5 Medium |
| lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files. | ||||
| CVE-2026-22911 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 5.3 Medium |
| Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device. | ||||
| CVE-2026-22913 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 4.3 Medium |
| Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data. | ||||
| CVE-2025-63644 | 2 Ph7builder, Ph7software | 2 Ph7 Social Dating Builder, Ph7-social-dating-cms | 2026-01-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the user profile Description field. | ||||
| CVE-2025-14556 | 2 Drupal, Flag Module Project | 2 Flag, Flag | 2026-01-23 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS).This issue affects Flag: from 7.X-3.0 through 7.X-3.9. | ||||
| CVE-2025-14557 | 2 Drupal, Facebook Pixel Project | 2 Facebook Pixel, Facebook Pixel | 2026-01-23 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS.This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1. | ||||
| CVE-2021-24713 | 1 Cminds | 2 Video Lessons Manager, Video Lessons Manager Pro | 2026-01-23 | 4.8 Medium |
| The Video Lessons Manager WordPress plugin before 1.7.2 and Video Lessons Manager Pro WordPress plugin before 3.5.9 do not properly sanitize and escape values when updating their settings, which could allow high privilege users to perform Cross-Site Scripting attacks | ||||
| CVE-2023-31228 | 1 Cminds | 1 Cm Search And Replace | 2026-01-23 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | ||||
| CVE-2023-53890 | 2 Grabaperch, Perch | 2 Perch, Perch Cms | 2026-01-23 | 5.4 Medium |
| Perch CMS 3.2 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags that execute when the file is viewed, potentially stealing user session information or performing client-side attacks. | ||||
| CVE-2024-24115 | 1 Cotonti | 1 Cotonti Siena | 2026-01-23 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2025-57883 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-01-23 | N/A |
| Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user. | ||||
| CVE-2025-58025 | 2 Averta, Wordpress | 2 Master Slider, Wordpress | 2026-01-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider allows Stored XSS. This issue affects Master Slider: from n/a through 3.11.0. | ||||
| CVE-2025-58234 | 2 Joomsky, Wordpress | 2 Js Job Manager, Wordpress | 2026-01-23 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JoomSky JS Job Manager allows Stored XSS. This issue affects JS Job Manager: from n/a through 2.0.2. | ||||
| CVE-2025-64217 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-01-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Photography photography allows Reflected XSS.This issue affects Photography: from n/a through <= 7.7.2. | ||||
| CVE-2025-66939 | 1 Altumcode | 1 66biolinks | 2026-01-22 | 5.4 Medium |
| Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file | ||||
| CVE-2025-67922 | 2 Themegoods, Wordpress | 2 Grand Restaurant, Wordpress | 2026-01-22 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Reflected XSS.This issue affects Grand Restaurant: from n/a through < 7.0.9. | ||||
| CVE-2025-47777 | 1 5ire | 1 5ire | 2026-01-22 | 9.7 Critical |
| 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution (RCE) via unsafe Electron protocol handling and exposed Electron APIs. All users of 5ire client versions prior to patched releases, particularly those interacting with untrusted chatbots or pasting external content, are affected. Version 0.11.1 contains a patch for the issue. | ||||
| CVE-2021-47750 | 1 Youphptube | 1 Youphptube | 2026-01-22 | 6.1 Medium |
| YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page. | ||||