Export limit exceeded: 352289 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46111 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-33171 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-35335 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2025-1586 | 1 Code-projects | 1 Blood Bank System | 2025-02-28 | 3.5 Low |
| A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1591 | 1 Razormist | 1 Employee Management System | 2025-02-28 | 2.4 Low |
| A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php of the component Department Page. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. | ||||
| CVE-2023-27905 | 1 Jenkins | 1 Update-center2 | 2025-02-28 | 9.6 Critical |
| Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | ||||
| CVE-2023-27898 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift | 2025-02-28 | 9.6 Critical |
| Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. | ||||
| CVE-2025-1614 | 1 Fiberhome | 2 An5506-01-a, An5506-01-a Firmware | 2025-02-28 | 2.4 Low |
| A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pf_Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1615 | 1 Fiberhome | 2 An5506-01-a, An5506-01-a Firmware | 2025-02-28 | 2.4 Low |
| A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1592 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 2.4 Low |
| A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation of the argument assign_name/description leads to cross site scripting. The attack may be launched remotely. | ||||
| CVE-2025-1613 | 1 Fiberhome | 2 An5506-01-a, An5506-01-a Firmware | 2025-02-28 | 2.4 Low |
| A vulnerability was found in FiberHome AN5506-01A ONU GPON RP2511. It has been rated as problematic. This issue affects some unknown processing of the file /goform/URL_filterCfg of the component URL Filtering Submenu. The manipulation of the argument url_IP leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1597 | 1 Mayurik | 1 Best Church Management Software | 2025-02-28 | 3.5 Low |
| A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-27206 | 1 Best Pos Management System Project | 1 Best Pos Management System | 2025-02-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | ||||
| CVE-2023-27208 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-02-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | ||||
| CVE-2023-27211 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-02-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | ||||
| CVE-2023-27212 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-02-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | ||||
| CVE-2023-1286 | 1 Pimcore | 1 Pimcore | 2025-02-28 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1312 | 1 Pimcore | 1 Pimcore | 2025-02-28 | 4.8 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1318 | 1 Enhancesoft | 1 Osticket | 2025-02-28 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2025-27139 | 1 Combodo | 1 Itop | 2025-02-28 | 6.8 Medium |
| Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue. | ||||
| CVE-2024-45741 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-02-28 | 5.4 Medium |
| In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user. | ||||