Search Results (47116 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34312 | 2 Moodle, Vpl | 2 Virtual Programming Lab, Jail System | 2025-03-25 | 6.1 Medium |
| Virtual Programming Lab for Moodle up to v4.2.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component vplide.js. | ||||
| CVE-2024-33536 | 1 Zimbra | 1 Collaboration | 2025-03-25 | 5.4 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed. | ||||
| CVE-2024-28710 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | 6.1 Medium |
| Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. | ||||
| CVE-2024-28709 | 1 Limesurvey | 1 Limesurvey | 2025-03-25 | 6.1 Medium |
| Cross Site Scripting vulnerability in LimeSurvey before 6.5.12+240611 allows a remote attacker to execute arbitrary code via a crafted script to the title and comment fields. | ||||
| CVE-2024-28153 | 1 Jenkins | 1 Owasp Dependency-check | 2025-03-25 | 7.3 High |
| Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2024-26490 | 1 Flusity | 1 Flusity | 2025-03-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. | ||||
| CVE-2024-26491 | 1 Flusity | 1 Flusity | 2025-03-25 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field. | ||||
| CVE-2024-45429 | 1 Wpengine | 1 Advanced Custom Fields | 2025-03-25 | 6.1 Medium |
| Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier and Advanced Custom Fields Pro versions 6.3.5 and earlier. If an attacker with the 'capability' setting privilege which is set in the product settings stores an arbitrary script in the field label, the script may be executed on the web browser of the logged-in user with the same privilege as the attacker's. | ||||
| CVE-2023-48432 | 1 Zimbra | 1 Collaboration | 2025-03-25 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within an email message, e.g., if a victim clicks on that link within Zimbra webmail. | ||||
| CVE-2023-0740 | 1 Answer | 1 Answer | 2025-03-25 | 9.0 Critical |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2024-47227 | 1 Iredmail | 1 Iredadmin | 2025-03-25 | 6.1 Medium |
| iRedAdmin before 2.6 allows XSS, e.g., via order_name. | ||||
| CVE-2023-23026 | 1 Simple Sales Management System Project | 1 Simple Sales Management System | 2025-03-25 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. | ||||
| CVE-2023-23011 | 1 Invoiceplane | 1 Invoiceplane | 2025-03-25 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. | ||||
| CVE-2022-47418 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | 5.4 Medium |
| LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments. | ||||
| CVE-2022-47417 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | 5.4 Medium |
| LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name. | ||||
| CVE-2022-47415 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | 5.4 Medium |
| LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). | ||||
| CVE-2022-47414 | 1 Openkm | 1 Openkm | 2025-03-25 | 5.4 Medium |
| If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document "note" functionality. | ||||
| CVE-2022-47413 | 1 Openkm | 1 Openkm | 2025-03-25 | 5.4 Medium |
| Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or "Type II") XSS condition. | ||||
| CVE-2022-47412 | 1 Onlyoffice | 1 Workspace | 2025-03-25 | 5.4 Medium |
| Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition. | ||||
| CVE-2022-45755 | 1 Eyoucms | 1 Eyoucms | 2025-03-25 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | ||||