Search Results (47133 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-30362 1 Wegia 1 Wegia 2025-04-10 5.4 Medium
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue.
CVE-2025-30363 1 Wegia 1 Wegia 2025-04-10 5.4 Medium
WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue.
CVE-2021-29107 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
CVE-2021-29106 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29105 1 Esri 1 Arcgis Server 2025-04-10 5.4 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory.
CVE-2021-29103 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29104 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
CVE-2021-29109 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29110 1 Esri 1 Portal For Arcgis 2025-04-10 5.4 Medium
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
CVE-2021-29116 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) feature services may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2022-38186 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2022-38190 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser
CVE-2022-38188 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2022-38191 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.
CVE-2022-38192 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2022-38189 1 Esri 1 Portal For Arcgis 2025-04-10 5.4 Medium
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2022-38200 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser.
CVE-2022-38198 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2022-38195 1 Esri 1 Arcgis Server 2025-04-10 6.1 Medium
There is as reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.
CVE-2022-38204 1 Esri 1 Portal For Arcgis 2025-04-10 6.1 Medium
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.