Export limit exceeded: 46011 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46011 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34464 | 1 Xwiki | 1 Xwiki | 2024-12-05 | 9.1 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax. | ||||
| CVE-2023-32607 | 1 Pleasanter | 1 Pleasanter | 2024-12-05 | 5.4 Medium |
| Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | ||||
| CVE-2023-36675 | 1 Mediawiki | 1 Mediawiki | 2024-12-05 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. | ||||
| CVE-2023-36666 | 1 Inex | 1 Ixp Manager | 2024-12-05 | 6.1 Medium |
| INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected. | ||||
| CVE-2020-18413 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-12-05 | 4.8 Medium |
| Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. | ||||
| CVE-2020-18410 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-12-05 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges. | ||||
| CVE-2024-2380 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 4.6 Medium |
| Stored XSS in graph rendering in Checkmk <2.3.0b4. | ||||
| CVE-2023-34796 | 1 Techsneeze | 1 Dmarc Report | 2024-12-04 | 6.1 Medium |
| Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values. | ||||
| CVE-2020-18404 | 1 Ecisp | 1 Espcms | 2024-12-04 | 4.8 Medium |
| An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. | ||||
| CVE-2020-18414 | 1 Chaoji Cms Project | 1 Chaoji Cms | 2024-12-04 | 4.8 Medium |
| Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. | ||||
| CVE-2024-11742 | 2 Mayurik, Sourcecodester | 2 Best House Rental Management System, Best House Rental Management System | 2024-12-04 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2021-30203 | 1 Dzzoffice | 1 Dzzoffice | 2024-12-04 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2023-3332 | 1 Nec | 34 Aterm Wf300hp, Aterm Wf300hp Firmware, Aterm Wg1400hp and 31 more | 2024-12-04 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows a attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | ||||
| CVE-2024-11678 | 2 Codeastro, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11677 | 2 Codeastro, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11676 | 2 Codeastro, Hospital Management System Project | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11675 | 2 Codeastro, Phpgurukul | 2 Hospital Management System, Hospital Management System | 2024-12-04 | 3.5 Low |
| A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11660 | 2 Anisha, Code-projects | 2 Farmacia, Farmacia | 2024-12-04 | 3.5 Low |
| A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2023-28485 | 1 Wekan Project | 1 Wekan | 2024-12-04 | 5.4 Medium |
| A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads. | ||||
| CVE-2023-27082 | 1 Pluck-cms | 1 Pluck | 2024-12-04 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | ||||