Search Results (46010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3834 | 1 Google Forms Project | 1 Google Forms | 2025-04-25 | 4.8 Medium |
| The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-45472 | 1 Caehealthcare | 1 Learningspace Enterprise | 2025-04-25 | 5.4 Medium |
| CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. | ||||
| CVE-2022-45040 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field. | ||||
| CVE-2022-45038 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | ||||
| CVE-2022-45037 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | ||||
| CVE-2022-45036 | 1 Wbce | 1 Wbce Cms | 2025-04-25 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | ||||
| CVE-2021-39343 | 1 Mpl-publisher | 1 Mpl-publisher | 2025-04-25 | 5.5 Medium |
| The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | ||||
| CVE-2022-43561 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-04-25 | 6.4 Medium |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, a remote user that holds the “power” Splunk role can store arbitrary scripts that can lead to persistent cross-site scripting (XSS). The vulnerability affects instances with Splunk Web enabled. | ||||
| CVE-2024-25344 | 1 Itflow | 1 Itflow | 2025-04-25 | 6.1 Medium |
| Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php, settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components. | ||||
| CVE-2022-4068 | 1 Librenms | 1 Librenms | 2025-04-25 | 5.4 Medium |
| A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that allows an attacker with a low-privilege user account to execute arbitrary JavaScript in the context of an admin's account. | ||||
| CVE-2022-42099 | 1 Klik Project | 1 Klik | 2025-04-25 | 5.4 Medium |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. | ||||
| CVE-2022-37721 | 1 Pyrocms | 1 Pyrocms | 2025-04-25 | 9 Critical |
| PyroCMS 3.9 is vulnerable to a stored Cross Site Scripting (XSS) when a low privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation. | ||||
| CVE-2022-37720 | 1 Orchardcore | 1 Orchard Cms | 2025-04-25 | 9 Critical |
| Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low privileged user, such as an author or publisher, can inject a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is loaded in the victim's browser. | ||||
| CVE-2022-0698 | 1 Microweber | 1 Microweber | 2025-04-25 | 6.1 Medium |
| Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter. | ||||
| CVE-2022-29827 | 1 Mitsubishielectric | 1 Gx Works3 | 2025-04-25 | 6.8 Medium |
| Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally. | ||||
| CVE-2022-29828 | 1 Mitsubishielectric | 1 Gx Works3 | 2025-04-25 | 6.8 Medium |
| Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project file or execute programs illegally. | ||||
| CVE-2022-29831 | 1 Mitsubishielectric | 1 Gx Works3 | 2025-04-25 | 7.5 High |
| Use of Hard-coded Password vulnerability in Mitsubishi Electric Corporation GX Works3 versions from 1.015R to 1.095Z allows a remote unauthenticated attacker to obtain information about the project file for MELSEC safety CPU modules. | ||||
| CVE-2022-42100 | 1 Klik Project | 1 Klik | 2025-04-25 | 5.4 Medium |
| KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. | ||||
| CVE-2022-44279 | 1 Garage Management System Project | 1 Garage Management System | 2025-04-25 | 6.1 Medium |
| Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. | ||||
| CVE-2022-39240 | 1 Mygraph Project | 1 Mygraph | 2025-04-25 | 5.4 Medium |
| MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround. | ||||