Search Results (47100 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-0810 1 Btcpayserver 1 Btcpayserver 2025-03-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.11.
CVE-2023-0025 1 Sap 1 Solution Manager 2025-03-21 6.5 Medium
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources.
CVE-2023-24521 1 Sap 1 Netweaver As Abap Business Server Pages 2025-03-21 6.1 Medium
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (BSP Framework) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
CVE-2024-44683 1 Seacms 1 Seacms 2025-03-20 6.1 Medium
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
CVE-2024-41937 1 Apache 1 Airflow 2025-03-20 6.1 Medium
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.
CVE-2024-40599 1 Mediawiki 1 Mediawiki 2025-03-20 4.8 Medium
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-38953 1 Phpok 1 Phpok 2025-03-20 6.1 Medium
phpok 6.4.003 contains a Cross Site Scripting (XSS) vulnerability in the ok_f() method under the framework/api/upload_control.php file.
CVE-2023-22376 1 Planex 2 Cs-wmv02g, Cs-wmv02g Firmware 2025-03-20 6.1 Medium
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.
CVE-2022-4905 1 Udx 1 Stateless Media Plugin 2025-03-20 3.5 Low
A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the argument settings leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.2.0 is able to address this issue. The patch is identified as 6aee7ae0b0beeb2232ce6e1c82aa7e2041ae151a. It is recommended to upgrade the affected component. VDB-220750 is the identifier assigned to this vulnerability.
CVE-2023-24522 1 Sap 1 Netweaver Application Server Abap 2025-03-20 6.1 Medium
Due to insufficient input sanitization, SAP NetWeaver AS ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the unintended data. This may lead to a limited impact on the confidentiality and the integrity of the application.
CVE-2023-24525 1 Sap 2 Customer Relationship Management Webclient Ui, S4fnd 2025-03-20 4.3 Medium
SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an authenticated attacker can cause limited impact on confidentiality of the application.
CVE-2023-24529 1 Sap 1 Netweaver As Abap Business Server Pages 2025-03-20 6.1 Medium
Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.
CVE-2023-25614 1 Sap 1 Netweaver Application Server Abap 2025-03-20 6.1 Medium
SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.
CVE-2023-42307 1 Code-projects 1 Exam Form Submission 2025-03-20 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via "Subject Name" and "Subject Code" section.
CVE-2024-28128 1 Cleancoder 1 Fitnesse 2025-03-20 6.1 Medium
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
CVE-2023-21434 1 Samsung 1 Galaxy Store 2025-03-20 6.2 Medium
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
CVE-2023-0024 1 Sap 1 Solution Manager 2025-03-20 6.5 Medium
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability.
CVE-2023-23852 1 Sap 1 Solution Manager 2025-03-20 6.1 Medium
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2023-0827 1 Pimcore 1 Pimcore 2025-03-20 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.
CVE-2023-23858 1 Sap 1 Netweaver Application Server Abap 2025-03-20 6.1 Medium
Due to insufficient input validation, SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to send a crafted URL to a user, and by clicking the URL, the tricked user accesses SAP and might be directed with the response to somewhere out-side SAP and enter sensitive data. This could cause a limited impact on confidentiality and integrity of the application.