Export limit exceeded: 351840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46046 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61640 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-03-16 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1. | ||||
| CVE-2025-8280 | 2 Iambriansreed, Wordpress | 2 Contact Form 7 Recaptcha, Wordpress | 2026-03-16 | 5.8 Medium |
| The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers. | ||||
| CVE-2025-9289 | 1 Tp-link | 10 Oc200, Oc200 Firmware, Oc220 and 7 more | 2026-03-16 | 4.7 Medium |
| A Cross-Site Scripting (XSS) vulnerability was identified in a parameter in Omada Controllers due to improper input sanitization. Exploitation requires advanced conditions, such as network positioning or emulating a trusted entity, and user interaction by an authenticated administrator. If successful, an attacker could execute arbitrary JavaScript in the administrator’s browser, potentially exposing sensitive information and compromising confidentiality. | ||||
| CVE-2012-6430 | 1 Opensolution | 2 Quick.cart, Quick Cms | 2026-03-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140. | ||||
| CVE-2023-29385 | 1 Kevonadonis | 1 Wp Abstracts | 2026-03-13 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions. | ||||
| CVE-2024-6539 | 1 Jrecms | 1 Springbootcms | 2026-03-13 | 3.5 Low |
| A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function of the file /guestbook of the component Guestbook Handler. The manipulation of the argument Content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270450 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-0410 | 1 Qwik | 1 Qwik | 2026-03-13 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5. | ||||
| CVE-2025-70060 | 1 Ymfe | 1 Yapi | 2026-03-13 | 5.4 Medium |
| An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0. | ||||
| CVE-2025-70038 | 1 Linagora | 1 Twake | 2026-03-13 | 8.8 High |
| An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code. | ||||
| CVE-2025-53608 | 1 Fortinet | 1 Fortisandbox | 2026-03-12 | 4.6 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow an authenticated privileged attacker to execute code via crafted requests. | ||||
| CVE-2019-25311 | 1 Kostasmitroglou | 1 Thesystem | 2026-03-12 | 6.4 Medium |
| thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operating_system, system_owner, system_username, system_password, system_description, and server_name parameters to execute arbitrary JavaScript in victim browsers. | ||||
| CVE-2025-36226 | 2 Ibm, Linux | 3 Aspera Faspex, Aspera Faspex 5, Linux Kernel | 2026-03-12 | 5.4 Medium |
| IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-37800 | 1 Code-projects | 1 Restaurant Reservation System | 2026-03-12 | 6.1 Medium |
| CodeProjects Restaurant Reservation System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Date parameter at index.php. | ||||
| CVE-2023-32624 | 1 Sakura | 1 Ts Webfonts For Sakura | 2026-03-12 | 6.1 Medium |
| Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | ||||
| CVE-2025-13902 | 1 Schneider-electric | 2 Modicon Controllers M241/m251, Modicon Controllers M258/lmc058 | 2026-03-11 | N/A |
| CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause condition where authenticated attackers can have a victim’s browser run arbitrary JavaScript when the victim hovers over a maliciously crafted element on a web server containing the injected payload. | ||||
| CVE-2025-36173 | 1 Ibm | 2 Infosphere Data Architect, Infosphere Data Replication | 2026-03-11 | 6.1 Medium |
| Affected Product(s)Version(s)InfoSphere Data Architect9.2.1 | ||||
| CVE-2025-41710 | 2 Janitza, Weidmueller | 4 Umg 96rm-e 230v(5222062), Umg 96rm-e 24v(5222063), Energy Meter 750-230 (2540910000) and 1 more | 2026-03-11 | 6.5 Medium |
| An unauthenticated remote attacker may use hardcodes credentials to get access to the previously activated FTP Server with limited read and write privileges. | ||||
| CVE-2025-13957 | 1 Schneider-electric | 1 Struxureware Data Center Expert | 2026-03-11 | N/A |
| CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default. | ||||
| CVE-2025-40638 | 2 Eventobot, Sbitsoft | 2 Eventobot, Eventobot | 2026-03-10 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user. | ||||
| CVE-2025-66468 | 1 Aimeos | 2 Ai-cms-grapesjs, Grapesjs Cms | 2026-03-10 | 7.7 High |
| The Aimeos GrapesJS CMS extension provides page editor for creating content pages based on extensible components. Prior to 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8, Javascript code can be injected by malicious editors for a stored XSS attack if the standard Content Security Policy is disabled. This vulnerability is fixed in 2021.10.8, 2022.10.8, 2023.10.8, 2024.10.8, and 2025.10.8. | ||||