Export limit exceeded: 361823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1517 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 4.8 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1248 | 1 Otrs | 1 Otrs | 2025-02-26 | 6.1 Medium |
| Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2023-28083 | 2 Hp, Hpe | 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more | 2025-02-26 | 8.3 High |
| A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. | ||||
| CVE-2023-1500 | 1 Code-projects | 1 Simple Art Gallery | 2025-02-26 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. | ||||
| CVE-2023-28606 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | 6.1 Medium |
| js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | ||||
| CVE-2023-27711 | 1 Typecho | 1 Typecho | 2025-02-26 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. | ||||
| CVE-2023-24278 | 1 Squidex.io | 1 Squidex | 2025-02-26 | 6.1 Medium |
| Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. | ||||
| CVE-2023-0370 | 1 Wpbean | 1 Wpb Advanced Faq | 2025-02-26 | 5.4 Medium |
| The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-22288 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-02-26 | 6.8 Medium |
| HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | ||||
| CVE-2024-3358 | 2 Janobe, Sourcecodester | 2 Aplaya Beach Resort Online Reservation System, Aplaya Beach Resort Online Reservation System | 2025-02-26 | 3.5 Low |
| A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-3414 | 1 Nelzkie15 | 1 Human Resource Information System | 2025-02-26 | 3.5 Low |
| A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583. | ||||
| CVE-2023-0391 | 1 Mgt-commerce | 1 Cloudpanel | 2025-02-26 | 8.1 High |
| MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1. | ||||
| CVE-2022-45004 | 1 Getgophish | 1 Gophish | 2025-02-26 | 6.1 Medium |
| Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | ||||
| CVE-2020-19947 | 1 Markdown Edit Project | 1 Markdown Edit | 2025-02-26 | 9.6 Critical |
| Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage. | ||||
| CVE-2023-1481 | 1 Monitoring Of Students Cyber Accounts System Project | 1 Monitoring Of Students Cyber Accounts System | 2025-02-26 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364. | ||||
| CVE-2023-26951 | 1 Onekeyadmin | 1 Onekeyadmin | 2025-02-26 | 5.4 Medium |
| onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. | ||||
| CVE-2023-27131 | 1 Typecho | 1 Typecho | 2025-02-26 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. | ||||
| CVE-2023-27054 | 1 Mirotalk | 1 Mirotalk P2p | 2025-02-26 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. | ||||
| CVE-2020-24857 | 1 Inex | 1 Ixp Manager | 2025-02-26 | 6.1 Medium |
| Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component. | ||||
| CVE-2023-0369 | 1 Gotowp | 1 Gotowp | 2025-02-26 | 5.4 Medium |
| The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||