Export limit exceeded: 352044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46090 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2428 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-01-30 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | ||||
| CVE-2023-29772 | 1 Asus | 2 Rt-ac51u, Rt-ac51u Firmware | 2025-01-30 | 5.2 Medium |
| A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | ||||
| CVE-2023-29638 | 1 Winterchen | 1 My-site | 2025-01-30 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog articles. | ||||
| CVE-2023-29637 | 1 Qbian61 Forum-java Project | 1 Qbian61 Forum-java | 2025-01-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | ||||
| CVE-2023-26089 | 1 Echa.europa | 1 Iuclid | 2025-01-30 | 9.8 Critical |
| European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | ||||
| CVE-2022-43871 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2025-01-30 | 4.6 Medium |
| IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | ||||
| CVE-2023-22921 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-01-30 | 7.5 High |
| A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | ||||
| CVE-2023-2475 | 1 J2eefast | 1 J2eefast | 2025-01-30 | 3.5 Low |
| A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument 主题 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | ||||
| CVE-2023-30639 | 1 Archerirm | 1 Archer | 2025-01-30 | 7.1 High |
| Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. 6.11.P4 (6.11.0.4) is also a fixed release. | ||||
| CVE-2022-47877 | 1 Jedox | 1 Jedox | 2025-01-30 | 9.6 Critical |
| A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | ||||
| CVE-2023-1861 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2025-01-30 | 5.4 Medium |
| The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-1805 | 1 Pixelyoursite | 1 Product Catalog Feed | 2025-01-30 | 6.1 Medium |
| The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-1804 | 1 Pixelyoursite | 1 Product Catalog Feed | 2025-01-30 | 6.1 Medium |
| The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | ||||
| CVE-2023-1614 | 1 Wp Custom Author Url Project | 1 Wp Custom Author Url | 2025-01-30 | 4.8 Medium |
| The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-1554 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2025-01-30 | 4.8 Medium |
| The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1546 | 1 Plainviewplugins | 1 Mycryptocheckout | 2025-01-30 | 6.1 Medium |
| The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | ||||
| CVE-2023-1525 | 1 Geminilabs | 1 Site Reviews | 2025-01-30 | 4.8 Medium |
| The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-1090 | 1 Smtp Mailing Queue Project | 1 Smtp Mailing Queue | 2025-01-30 | 4.8 Medium |
| The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1021 | 1 Amr-ical-events-list Project | 1 Amr-ical-events-list | 2025-01-30 | 4.8 Medium |
| The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-0891 | 1 Codestag | 1 Stagtools | 2025-01-30 | 5.4 Medium |
| The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||