Export limit exceeded: 46100 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46100 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47977 | 1 Microsoft | 1 Nuance Digital Engagement Platform | 2026-02-20 | 8.2 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-13981 | 2 Artificial Intelligence Project, Drupal | 2 Artificial Intelligence, Ai | 2026-02-19 | 4.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AI (Artificial Intelligence) allows Cross-Site Scripting (XSS).This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.7, from 1.1.0 before 1.1.7, from 1.2.0 before 1.2.4. | ||||
| CVE-2025-69749 | 2 Otale, Tale Project | 2 Tale Blog, Tale | 2026-02-19 | 6.1 Medium |
| Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code. | ||||
| CVE-2025-67683 | 1 Opensolution | 1 Quick.cart | 2026-02-19 | 6.1 Medium |
| Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable. | ||||
| CVE-2023-24769 | 1 Webtechnologies | 1 Changedetection | 2026-02-19 | 5.4 Medium |
| Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function. | ||||
| CVE-2025-36436 | 1 Ibm | 1 Cloud Pak For Business Automation | 2026-02-19 | 6.4 Medium |
| IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-36019 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | 6.1 Medium |
| IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-1041 | 1 Oretnom23 | 1 Simple Responsive Tourism Website | 2026-02-18 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Responsive Tourism Website 1.0. This affects an unknown part of the file /tourism/rate_review.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221799. | ||||
| CVE-2025-66472 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2026-02-18 | 6.1 Medium |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 6.2-milestone-1 through 16.10.9 and 17.0.0-rc-1 through 17.4.1 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates are vulnerable to a reflected XSS attack through a deletion confirmation message. The attacker-supplied script is executed when the victim clicks the "No" button. This issue is fixed in versions 16.10.10 and 17.4.2 of both XWiki Platform Flamingo Skin Resources and XWiki Platform Web Templates. | ||||
| CVE-2025-70092 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-18 | 5.5 Medium |
| A cross-site scripting (XSS) vulnerability in the Item Kits function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Item Name parameter. | ||||
| CVE-2023-25023 | 1 Saleswonder | 1 Webinarignition | 2026-02-18 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions. | ||||
| CVE-2023-47544 | 1 Atarim | 1 Atarim | 2026-02-18 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions. | ||||
| CVE-2025-41350 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 5.4 Medium |
| Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
| CVE-2025-41349 | 2 Iest, Informatica Del Este | 2 Winplus, Winplus | 2026-02-18 | 5.4 Medium |
| Stored Cross-site Scripting (XSS)vylnerability type in WinPlus v24.11.27 byInformática del Este that consist of an stored XSS of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus. svc/json/savesolpla_post'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details. | ||||
| CVE-2025-63354 | 2 Hitron, Hitrontech | 3 Hi3120, Hi3120, Hi3120 Firmware | 2026-02-17 | 4.8 Medium |
| Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScript. | ||||
| CVE-2025-53523 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-02-17 | N/A |
| Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when another user accesses it. | ||||
| CVE-2025-54407 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-02-17 | N/A |
| Stored cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user. | ||||
| CVE-2025-65120 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-02-17 | N/A |
| Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be executed on the web browser of the user. | ||||
| CVE-2025-66284 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2026-02-17 | N/A |
| Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when another user accesses it. | ||||
| CVE-2025-70091 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-02-17 | 6.5 Medium |
| A cross-site scripting (XSS) vulnerability in the Customers function of OpenSourcePOS v3.4.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Phone Number parameter. | ||||