Export limit exceeded: 46093 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46093 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1090 | 1 Smtp Mailing Queue Project | 1 Smtp Mailing Queue | 2025-01-30 | 4.8 Medium |
| The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1021 | 1 Amr-ical-events-list Project | 1 Amr-ical-events-list | 2025-01-30 | 4.8 Medium |
| The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-0891 | 1 Codestag | 1 Stagtools | 2025-01-30 | 5.4 Medium |
| The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-1384 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2025-01-30 | 4.3 Medium |
| The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
| CVE-2024-9672 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur. | ||||
| CVE-2023-24744 | 1 Rediker | 1 Adminplus | 2025-01-29 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. | ||||
| CVE-2023-1836 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 4.4 Medium |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances | ||||
| CVE-2024-22359 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-29 | 6.1 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. | ||||
| CVE-2024-49806 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2024-49805 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2023-31799 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | ||||
| CVE-2023-30334 | 1 Asmbb Project | 1 Asmbb | 2025-01-29 | 6.1 Medium |
| AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. | ||||
| CVE-2023-30184 | 1 Typecho | 1 Typecho | 2025-01-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. | ||||
| CVE-2023-30097 | 1 Totaljs | 1 Messenger | 2025-01-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. | ||||
| CVE-2023-30096 | 1 Totaljs | 1 Messenger | 2025-01-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. | ||||
| CVE-2023-30095 | 1 Totaljs | 1 Messenger | 2025-01-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. | ||||
| CVE-2023-30094 | 1 Totaljs | 1 Flow | 2025-01-29 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. | ||||
| CVE-2023-30093 | 1 Onosproject | 1 Onos | 2025-01-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | ||||
| CVE-2023-27075 | 1 Microbin | 1 Microbin | 2025-01-29 | 5.4 Medium |
| A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-35241 | 1 Flatpress | 1 Flatpress | 2025-01-29 | 4.8 Medium |
| FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog Content component. This vulnerability can allow an attacker to inject the XSS payload in Blog content via the admin panel. Each time any user will go to that blog page, the XSS triggers and the attacker can steal the cookie according to the crafted payload. | ||||