Export limit exceeded: 351470 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46007 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6013 | 1 H2o | 1 H2o | 2024-11-27 | 5.4 Medium |
| H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. | ||||
| CVE-2023-37254 | 1 Mediawiki | 1 Mediawiki | 2024-11-27 | 6.1 Medium |
| An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. | ||||
| CVE-2024-27313 | 1 Zohocorp | 1 Manageengine Pam360 | 2024-11-27 | 6.3 Medium |
| Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610. | ||||
| CVE-2023-3311 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2024-11-27 | 2.4 Low |
| A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807. | ||||
| CVE-2023-44389 | 1 Zope | 1 Zope | 2024-11-27 | 3.1 Low |
| Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6. | ||||
| CVE-2023-33336 | 1 Sophos | 1 Web Appliance | 2024-11-27 | 4.8 Medium |
| Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | ||||
| CVE-2023-34840 | 1 Angular-ui-notification Project | 1 Angular-ui-notification | 2024-11-27 | 6.1 Medium |
| angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-34734 | 1 Secnet | 1 Annet Ac Centralized Management Platform | 2024-11-27 | 4.8 Medium |
| Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) . | ||||
| CVE-2023-50924 | 1 Engelsystem | 1 Engelsystem | 2024-11-27 | 7.3 High |
| Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1. | ||||
| CVE-2023-36146 | 1 Multilaser | 2 Re170, Re170 Firmware | 2024-11-27 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. | ||||
| CVE-2023-37298 | 1 Joplin Project | 1 Joplin | 2024-11-27 | 6.1 Medium |
| Joplin before 2.11.5 allows XSS via a USE element in an SVG document. | ||||
| CVE-2023-37299 | 1 Joplin Project | 1 Joplin | 2024-11-27 | 6.1 Medium |
| Joplin before 2.11.5 allows XSS via an AREA element of an image map. | ||||
| CVE-2023-49119 | 1 Weseek | 1 Growi | 2024-11-27 | 5.4 Medium |
| Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | ||||
| CVE-2023-28474 | 1 Concretecms | 1 Concrete Cms | 2024-11-27 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. | ||||
| CVE-2023-33785 | 1 Netbox | 1 Netbox | 2024-11-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33795 | 1 Netbox | 1 Netbox | 2024-11-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | ||||
| CVE-2023-33661 | 1 Churchcrm | 1 Churchcrm | 2024-11-27 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. | ||||
| CVE-2023-34647 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-27 | 6.1 Medium |
| PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-34650 | 1 Small Crm Project | 1 Small Crm | 2024-11-27 | 6.1 Medium |
| PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-34651 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-27 | 6.1 Medium |
| PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | ||||