Export limit exceeded: 47116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47116 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-23199 | 1 Librenms | 1 Librenms | 2025-03-25 | 4.6 Medium |
| librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-23200 | 1 Librenms | 1 Librenms | 2025-03-25 | 4.6 Medium |
| librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-0741 | 1 Answer | 1 Answer | 2025-03-25 | 9.0 Critical |
| Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2023-0742 | 1 Answer | 1 Answer | 2025-03-25 | 9.0 Critical |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2025-23201 | 1 Librenms | 1 Librenms | 2025-03-25 | 5.4 Medium |
| librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-0743 | 1 Answer | 1 Answer | 2025-03-25 | 9.0 Critical |
| Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2022-45441 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2025-03-25 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and then result in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device. | ||||
| CVE-2023-0736 | 1 Wallabag | 1 Wallabag | 2025-03-25 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | ||||
| CVE-2018-1533 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | N/A |
| IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142431. | ||||
| CVE-2018-1951 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | N/A |
| IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 153494. | ||||
| CVE-2019-4431 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 5.4 Medium |
| IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162888. | ||||
| CVE-2018-1534 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | N/A |
| IBM Rational Publishing Engine 6.0.5 and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142432. | ||||
| CVE-2018-1657 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | N/A |
| IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 144883. | ||||
| CVE-2017-1787 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | N/A |
| IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed vulnerability that could allow a local user with administrative privileges to obtain hard coded user credentials. IBM X-Force ID: 137022. | ||||
| CVE-2021-39015 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | 5.4 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655. | ||||
| CVE-2024-40101 | 1 Microweber | 1 Microweber | 2025-03-25 | 7.2 High |
| A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter. | ||||
| CVE-2022-47419 | 1 Mayan-edms | 1 Mayan Edms | 2025-03-25 | 5.4 Medium |
| An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | ||||
| CVE-2022-47416 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | 5.4 Medium |
| LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. | ||||
| CVE-2023-0732 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-03-25 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. | ||||
| CVE-2023-0747 | 1 Btcpayserver | 1 Btcpayserver | 2025-03-25 | 5.5 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||