Search Results (46873 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25603 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter. | ||||
| CVE-2024-26266 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget. | ||||
| CVE-2024-25151 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 5.4 Medium |
| The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user-supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to content spoofing or cross-site scripting (XSS) attacks, depending on the capability of the receiver's mail client. | ||||
| CVE-2023-27918 | 1 Tms-outsource | 1 Amelia | 2025-01-27 | 6.1 Medium |
| Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in to the WordPress site where the product is installed visit a malicious URL. | ||||
| CVE-2023-27888 | 1 Sitebridge | 1 Joruri Gw | 2025-01-27 | 5.4 Medium |
| Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product. | ||||
| CVE-2023-30354 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 9.8 Critical |
| Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. | ||||
| CVE-2023-30352 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 9.8 Critical |
| Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | ||||
| CVE-2023-30351 | 1 Tenda | 2 Cp3, Cp3 Firmware | 2025-01-27 | 7.5 High |
| Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | ||||
| CVE-2023-2614 | 1 Pimcore | 1 Pimcore | 2025-01-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2615 | 1 Pimcore | 1 Pimcore | 2025-01-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2616 | 1 Pimcore | 1 Pimcore | 2025-01-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2630 | 1 Pimcore | 1 Pimcore | 2025-01-27 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2024-36374 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 4.6 Medium |
| In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible | ||||
| CVE-2024-36373 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 4.6 Medium |
| In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible | ||||
| CVE-2024-36372 | 1 Jetbrains | 1 Teamcity | 2025-01-27 | 4.6 Medium |
| In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible | ||||
| CVE-2024-28781 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-27 | 5.4 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654. | ||||
| CVE-2022-26888 | 1 Intel | 1 Quartus Prime | 2025-01-27 | 2.8 Low |
| Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2023-32070 | 1 Xwiki | 2 Rendering, Xwiki | 2025-01-27 | 9.1 Critical |
| XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version. | ||||
| CVE-2023-30256 | 1 Webkul | 1 Qloapps | 2025-01-27 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Webkul QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. | ||||
| CVE-2023-28358 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-27 | 6.1 Medium |
| A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled, possibly leading to attacks such as account takeover. | ||||