CWE-79 CVEs and Security Vulnerabilities

Export limit exceeded: 45966 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45966 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-47814	1 Bmicalculator	1 Bmi Calculator	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Waterloo Plugins BMI Calculator Plugin plugin <= 1.0.3 versions.
CVE-2023-47813	1 Grandslambert	1 Better Rss Widget	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Better RSS Widget plugin <= 2.8.1 versions.
CVE-2023-47812	1 Bamboo Mcr	1 Bamboo Columns	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Columns plugin <= 1.6.1 versions.
CVE-2023-47811	1 Sureshkumarmukhiya	1 Anywhere Flash Embed	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh KUMAR Mukhiya Anywhere Flash Embed plugin <= 1.0.5 versions.
CVE-2023-47810	1 Asdqwedev	1 Ajax Domain Checker	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Asdqwe Dev Ajax Domain Checker plugin <= 1.3.0 versions.
CVE-2023-47809	1 Themepoints	1 Accordion	2024-11-21	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Accordion plugin <= 2.6 versions.
CVE-2023-47808	1 Christinauechi	1 Add Widgets To Page	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christina Uechi Add Widgets to Page plugin <= 1.3.2 versions.
CVE-2023-47800	1 Natus	2 Neuroworks Eeg, Sleepworks	2024-11-21	9.8 Critical
Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.
CVE-2023-47797	1 Liferay	1 Liferay Portal	2024-11-21	9.6 Critical
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
CVE-2023-47790	1 Popozure	1 Pz-linkcard	2024-11-21	7.1 High
Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions.
CVE-2023-47786	1 Layerslider	1 Layerslider	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LayerSlider plugin <= 7.7.9 versions.
CVE-2023-47773	1 Yasglobal	1 Permalinks Customizer	2024-11-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
CVE-2023-47772	1 Themepunch	1 Slider Revolution	2024-11-21	6.5 Medium
Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14.
CVE-2023-47768	1 Diywebmastery	1 Footer Putter	2024-11-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Russell Jamieson Footer Putter plugin <= 1.17 versions.
CVE-2023-47767	1 Fla-shop	1 Interactive World Map	2024-11-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.
CVE-2023-47766	1 Ifeelweb	1 Post Status Notifier Lite	2024-11-21	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timo Reith Post Status Notifier Lite plugin <= 1.11.0 versions.
CVE-2023-47755	1 Aazztech	1 Woocommerce Product Carousel Slider	2024-11-21	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WooCommerce Product Carousel Slider plugin <= 3.3.5 versions.
CVE-2023-47707	3 Ibm, Linux, Microsoft	4 Aix, Security Guardium Key Lifecycle Manager, Linux Kernel and 1 more	2024-11-21	5.4 Medium
IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271522.
CVE-2023-47699	1 Ibm	1 Sterling Secure Proxy	2024-11-21	6.1 Medium
IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 270974.
CVE-2023-47623	1 Clockworkmod	1 Scrypted	2024-11-21	6.1 Medium
Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login.

« first previous Page 1609 of 2299. next last »