Export limit exceeded: 46121 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46121 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | ||||
| CVE-2022-33934 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-24 | 7.7 High |
| Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | ||||
| CVE-2024-7976 | 1 Google | 1 Chrome | 2025-03-24 | 4.3 Medium |
| Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-24234 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | ||||
| CVE-2023-24233 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | ||||
| CVE-2023-24232 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | ||||
| CVE-2023-24231 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | ||||
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | ||||
| CVE-2022-45766 | 1 Keystorage | 1 Global Facilities Management Software | 2025-03-24 | 9.1 Critical |
| Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. | ||||
| CVE-2022-45285 | 1 Vsourz | 1 Advanced Cf7 Db | 2025-03-24 | 6.1 Medium |
| Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-44261 | 1 Averydennison | 2 Monarch Printer M9855, Monarch Printer M9855 Firmware | 2025-03-24 | 6.1 Medium |
| Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-34449 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-24 | 6 Medium |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application. | ||||
| CVE-2022-34451 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-24 | 4.8 Medium |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. | ||||
| CVE-2023-0776 | 1 Baicells | 8 Neutrino 430, Neutrino 430 Firmware, Nova430e and 5 more | 2025-03-24 | 8.1 High |
| Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. | ||||
| CVE-2023-0786 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-24 | 8.4 High |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2023-0787 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-03-24 | 8.1 High |
| Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | ||||
| CVE-2024-55009 | 1 Datax | 1 Autobib | 2025-03-24 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&WCU= parameter. | ||||
| CVE-2024-1589 | 1 Pressified | 1 Sendpress | 2025-03-24 | 6.1 Medium |
| The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-43113 | 1 Mozilla | 1 Firefox | 2025-03-24 | 6.1 Medium |
| The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129. | ||||
| CVE-2023-23286 | 1 Farsight | 1 Provide Server | 2025-03-24 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | ||||