| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dynamics 365 Field Service Spoofing Vulnerability |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability |
| Microsoft SharePoint Server Spoofing Vulnerability |
| Azure AI Search Information Disclosure Vulnerability |
| Dynamics 365 Customer Insights Spoofing Vulnerability |
| Dynamics 365 Customer Insights Spoofing Vulnerability |
| Azure Migrate Cross-Site Scripting Vulnerability |
| In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. |
| ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." |
| Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.
|
| The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. |
| The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. |
| The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. |
| The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. |
| The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. |
