Search Results (46005 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25974 | 1 Publify Project | 1 Publify | 2025-04-30 | 5.4 Medium |
| In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | ||||
| CVE-2021-25975 | 1 Publify Project | 1 Publify | 2025-04-30 | 5.4 Medium |
| In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | ||||
| CVE-2025-1524 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-30 | 3.5 Low |
| The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2025-1525 | 1 Davidvongries | 1 Ultimate Dashboard | 2025-04-30 | 3.5 Low |
| The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2021-25982 | 1 Darwin | 1 Factor | 2025-04-30 | 6.1 Medium |
| In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. | ||||
| CVE-2021-25983 | 1 Darwin | 1 Factor | 2025-04-30 | 6.1 Medium |
| In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. | ||||
| CVE-2021-25984 | 1 Darwin | 1 Factor | 2025-04-30 | 6.1 Medium |
| In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. | ||||
| CVE-2021-25986 | 1 Django-wiki Project | 1 Django-wiki | 2025-04-30 | 5.4 Medium |
| In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. | ||||
| CVE-2021-25987 | 1 Hexo | 1 Hexo | 2025-04-30 | 5 Medium |
| Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code. | ||||
| CVE-2021-25967 | 1 Okfn | 1 Ckan | 2025-04-30 | 5.4 Medium |
| In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture | ||||
| CVE-2021-25988 | 1 If-me | 1 Ifme | 2025-04-30 | 5.4 Medium |
| In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. | ||||
| CVE-2021-25989 | 1 If-me | 1 Ifme | 2025-04-30 | 5.4 Medium |
| In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them. | ||||
| CVE-2021-25990 | 1 If-me | 1 Ifme | 2025-04-30 | 5.4 Medium |
| In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. | ||||
| CVE-2021-25993 | 1 Requarks | 1 Wiki.js | 2025-04-30 | 5.4 Medium |
| In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim. | ||||
| CVE-2022-34315 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 5.4 Medium |
| IBM CICS TX 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229451. | ||||
| CVE-2022-45380 | 2 Jenkins, Redhat | 2 Junit, Openshift | 2025-04-30 | 5.4 Medium |
| Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-43694 | 1 Concretecms | 1 Concrete Cms | 2025-04-30 | 6.1 Medium |
| Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output. | ||||
| CVE-2022-42954 | 1 Keyfactor | 1 Kefactor Ejbca | 2025-04-30 | 5.4 Medium |
| Keyfactor EJBCA before 7.10.0 allows XSS. | ||||
| CVE-2022-42119 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-04-30 | 5.4 Medium |
| Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8. | ||||
| CVE-2022-36432 | 1 Amasty | 1 Blog Pro | 2025-04-30 | 5.4 Medium |
| The Preview functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 uses eval unsafely. This allows attackers to perform Cross-site Scripting attacks on admin panel users by manipulating the generated preview application response. | ||||