Export limit exceeded: 352097 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48893 | 1 Fortinet | 1 Fortisoar | 2025-02-03 | 6.4 Medium |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook. | ||||
| CVE-2024-52967 | 1 Fortinet | 1 Fortiportal | 2025-02-03 | 3.3 Low |
| An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection. | ||||
| CVE-2024-3544 | 1 Progress | 1 Loadmaster | 2025-02-03 | 7.5 High |
| Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require a shared secret that must be exchanged between the partners before communication can proceed. | ||||
| CVE-2012-5873 | 1 Arc2 Project | 1 Arc2 | 2025-02-03 | 5.3 Medium |
| ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. | ||||
| CVE-2023-30790 | 1 Monicahq | 1 Monica | 2025-02-03 | 5.4 Medium |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | ||||
| CVE-2023-30789 | 1 Monicahq | 1 Monica | 2025-02-03 | 5.4 Medium |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | ||||
| CVE-2023-30838 | 1 Prestashop | 1 Prestashop | 2025-02-03 | 8.6 High |
| PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue. | ||||
| CVE-2023-30787 | 1 Monicahq | 1 Monica | 2025-02-03 | 5.4 Medium |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | ||||
| CVE-2023-30212 | 1 Ourphp | 1 Ourphp | 2025-02-03 | 6.1 Medium |
| OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. | ||||
| CVE-2023-30210 | 1 Ourphp | 1 Ourphp | 2025-02-03 | 6.1 Medium |
| OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. | ||||
| CVE-2023-25346 | 1 Churchcrm | 1 Churchcrm | 2025-02-03 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | ||||
| CVE-2022-25276 | 1 Drupal | 1 Drupal | 2025-02-03 | 6.1 Medium |
| The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. | ||||
| CVE-2023-30417 | 1 Pearadmin | 1 Pear Admin Boot | 2025-02-03 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | ||||
| CVE-2023-30267 | 1 Cltphp | 1 Cltphp | 2025-02-03 | 6.1 Medium |
| CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | ||||
| CVE-2023-30177 | 1 Craftcms | 1 Craft Cms | 2025-02-03 | 6.1 Medium |
| CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | ||||
| CVE-2023-30111 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | 6.1 Medium |
| Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2023-30106 | 1 Medicine Tracker System Project | 1 Medicine Tracker System | 2025-02-03 | 6.1 Medium |
| Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | ||||
| CVE-2023-2291 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-02-03 | 7.8 High |
| Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | ||||
| CVE-2023-29836 | 1 Exelysis | 1 Exelysis Unified Communications Solution | 2025-02-03 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | ||||
| CVE-2023-29442 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-03 | 6.1 Medium |
| Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. | ||||