Search Results (47135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43526 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-04-10 | 6.1 Medium |
| Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2022-43525 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-04-10 | 6.1 Medium |
| Multiple vulnerabilities within the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2022-43532 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-10 | 8 High |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43524 | 1 Arubanetworks | 1 Aruba Edgeconnect Enterprise Orchestrator | 2025-04-10 | 8.7 High |
| A vulnerability in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned. | ||||
| CVE-2022-38723 | 1 Gravitee | 1 Api Management | 2025-04-10 | 8.6 High |
| Gravitee API Management before 3.15.13 allows path traversal through HTML injection. | ||||
| CVE-2022-47618 | 1 Meritlilin | 4 Ah55b04, Ah55b04 Firmware, Ah55b08 and 1 more | 2025-04-10 | 9.8 Critical |
| Merit LILIN AH55B04 & AH55B08 DVR firmware has hard-coded administrator credentials. An unauthenticated remote attacker can use these credentials to log in to the administrator page and manipulate the system or disrupt service. | ||||
| CVE-2021-46026 | 1 Wangl1989 | 1 Mysiteforme | 2025-04-10 | 5.4 Medium |
| mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management. | ||||
| CVE-2022-42710 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-10 | 5.4 Medium |
| Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS). | ||||
| CVE-2025-30362 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
| WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.8. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.8 fixes the issue. | ||||
| CVE-2025-30363 | 1 Wegia | 1 Wegia | 2025-04-10 | 5.4 Medium |
| WeGIA is a Web manager for charitable institutions. A stored Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.2.6. This vulnerability allows unauthorized scripts to be executed within the user's browser context. Stored XSS is particularly critical, as the malicious code is permanently stored on the server and executed whenever a compromised page is loaded, affecting all users accessing this page. Version 3.2.6 fixes the issue. | ||||
| CVE-2021-29107 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 6.1 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | ||||
| CVE-2021-29106 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 6.1 Medium |
| A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
| CVE-2021-29105 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 5.4 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory. | ||||
| CVE-2021-29103 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 6.1 Medium |
| A reflected Cross Site Scripting (XSS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
| CVE-2021-29104 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 6.1 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. | ||||
| CVE-2021-29109 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
| CVE-2021-29110 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 5.4 Medium |
| Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | ||||
| CVE-2021-29116 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 6.1 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions 10.8.1 and 10.9 (only) may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||
| CVE-2022-38186 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. | ||||
| CVE-2022-38190 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 6.1 Medium |
| A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | ||||