Search Results (45689 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3251 | 1 Xujiangfei | 1 Admintwo | 2025-10-09 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-36013 | 1 Microsoft | 1 Powershell | 2025-10-09 | 6.5 Medium |
| PowerShell Information Disclosure Vulnerability | ||||
| CVE-2023-36016 | 1 Microsoft | 1 Dynamics 365 | 2025-10-09 | 6.2 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-36031 | 1 Microsoft | 1 Dynamics 365 | 2025-10-08 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-36030 | 1 Microsoft | 1 Dynamics 365 | 2025-10-08 | 6.1 Medium |
| Microsoft Dynamics 365 Sales Spoofing Vulnerability | ||||
| CVE-2023-36007 | 1 Microsoft | 1 Send Customer Voice Survey From Dynamics 365 | 2025-10-08 | 7.6 High |
| Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability | ||||
| CVE-2023-36410 | 1 Microsoft | 1 Dynamics 365 | 2025-10-08 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2025-40991 | 1 Creativeitem | 2 Ekushey Crm, Ekushey Project Manager Crm | 2025-10-08 | 5.4 Medium |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting the "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||
| CVE-2025-40990 | 1 Creativeitem | 2 Ekushey Crm, Ekushey Project Manager Crm | 2025-10-08 | 5.4 Medium |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting the "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||
| CVE-2025-40989 | 1 Creativeitem | 2 Ekushey Crm, Ekushey Project Manager Crm | 2025-10-08 | 5.4 Medium |
| Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting the "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details. | ||||
| CVE-2025-30196 | 1 Jenkins | 1 Anchorchain | 2025-10-08 | 6.5 Medium |
| Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control the input file for the Anchor Chain post-build step. | ||||
| CVE-2025-20368 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-10-08 | 5.7 Medium |
| In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
| CVE-2025-20367 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-10-08 | 5.7 Medium |
| In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user. | ||||
| CVE-2025-57145 | 1 Phpgurukul | 1 Auto Taxi Stand Management System | 2025-10-08 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript code. The malicious payload is stored in the backend and executed when a user or administrator accesses the affected report page. This allows attackers to exfiltrate session cookies, hijack user sessions, and perform unauthorized actions in the context of the victim's browser. | ||||
| CVE-2025-0746 | 1 Thesamur | 1 Embedai | 2025-10-08 | 6.1 Medium |
| A Reflected Cross-Site Scripting vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to craft a malicious URL leveraging the "/embedai/users/show/<SCRIPT>" endpoint to inject malicious JavaScript code. This JavaScript code will be executed when a user opens the malicious URL. | ||||
| CVE-2025-0747 | 1 Thesamur | 1 Embedai | 2025-10-08 | 8.6 High |
| A Stored Cross-Site Scripting vulnerability has been found in EmbedAI. This vulnerability allows an authenticated attacker to inject malicious JavaScript code into a message that will be executed when a user opens the chat. | ||||
| CVE-2025-10758 | 1 Htmly | 1 Htmly | 2025-10-08 | 2.4 Low |
| A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-57407 | 1 Gp247 | 1 Gp247 | 2025-10-08 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Admin Log Viewer of S-Cart <=10.0.3 allows a remote authenticated attacker to inject arbitrary web script or HTML via a crafted User-Agent header. The script is executed in an administrator's browser when they view the security log page, which could lead to session hijacking or other malicious actions. | ||||
| CVE-2025-56304 | 1 Yzmcms | 1 Yzmcms | 2025-10-08 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in YzmCMS through 7.3 via the Referer header in the register page. | ||||
| CVE-2025-3019 | 1 Knime | 1 Business Hub | 2025-10-08 | 7.2 High |
| KNIME Business Hub is affected by several cross-site scripting vulnerabilities in its web pages. If a user clicks on a malicious link or opens a malicious web page, arbitrary JavaScript may be executed with this user's permissions. This can lead to information loss and/or modification of existing data. The issues are caused by a bug (https://github.com/Baroshem/nuxt-security/issues/610) in the widely used nuxt-security module. There are no viable workarounds; therefore, we strongly recommend updating to one of the following versions of KNIME Business Hub: 1.13.3 or later; 1.12.4 or later. | ||||