Export limit exceeded: 352161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46100 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46100 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34906 | 1 Dootask | 1 Dootask | 2025-02-13 | 6.3 Medium |
| An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file. | ||||
| CVE-2024-30889 | 2 Audimex, Web-audimex | 2 Audimexee, Audimexee | 2025-02-13 | 5.4 Medium |
| Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters. | ||||
| CVE-2024-5933 | 1 Lollms | 1 Lollms Web Ui | 2025-02-13 | 5.4 Medium |
| A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser. | ||||
| CVE-2020-29444 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2025-02-12 | 5.4 Medium |
| Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters. | ||||
| CVE-2024-53962 | 1 Adobe | 1 Experience Manager | 2025-02-12 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2025-0530 | 2025-02-12 | 3.5 Low | ||
| A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0800 | 1 Argie | 1 Online Courseware | 2025-02-12 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0806 | 1 Anisha | 1 Job Recruitment | 2025-02-12 | 4.3 Medium |
| A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-1703 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2023-1704 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2022-37462 | 1 Upstreamworks | 1 Upstream Works On Finesse | 2025-02-12 | 5.4 Medium |
| A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details. | ||||
| CVE-2024-35218 | 1 Umbraco | 1 Umbraco Cms | 2025-02-12 | 4.2 Medium |
| Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer. | ||||
| CVE-2024-1700 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input <script>alert("xss")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-26291 | 1 Forcepoint | 2 Cloud Security Gateway, Web Security | 2025-02-12 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023. | ||||
| CVE-2023-1701 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2023-1702 | 1 Pimcore | 1 Pimcore | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. | ||||
| CVE-2023-2516 | 1 Teampass | 1 Teampass | 2025-02-12 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | ||||
| CVE-2023-2395 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2025-02-12 | 4.3 Medium |
| A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-3083 | 1 Teampass | 1 Teampass | 2025-02-12 | 8.7 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-30627 | 1 Jellyfin | 1 Jellyfin | 2025-02-12 | 9.1 Critical |
| jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds. | ||||