Search Results (46995 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1359 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2025-02-27 | 2.4 Low |
| A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-23326 | 1 Avantfax | 1 Avantfax | 2025-02-27 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. | ||||
| CVE-2023-0746 | 1 Gigamon | 1 Gigavue-os | 2025-02-27 | 6.3 Medium |
| The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting. | ||||
| CVE-2023-1320 | 1 Enhancesoft | 1 Osticket | 2025-02-27 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | ||||
| CVE-2023-0021 | 1 Sap | 1 Netweaver | 2025-02-27 | 6.1 Medium |
| Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password, which could lead to reflected Cross-Site scripting. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. | ||||
| CVE-2023-1536 | 1 Answer | 1 Answer | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | ||||
| CVE-2023-1527 | 1 Corebos | 1 Corebos | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | ||||
| CVE-2024-4293 | 1 Phpgurukul | 1 Doctor Appointment Management System | 2025-02-27 | 3.5 Low |
| A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability. | ||||
| CVE-2023-0844 | 1 Kibokolabs | 1 Namaste! Lms | 2025-02-27 | 4.8 Medium |
| The Namaste! LMS WordPress plugin before 2.6 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-0538 | 1 Campaign Url Builder Project | 1 Campaign Url Builder | 2025-02-27 | 5.4 Medium |
| The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0172 | 1 Saas.group | 1 Juicer | 2025-02-27 | 5.4 Medium |
| The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0073 | 1 Client Logo Carousel Project | 1 Client Logo Carousel | 2025-02-27 | 5.4 Medium |
| The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-4661 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2025-02-27 | 5.4 Medium |
| The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2022-4466 | 1 Connekthq | 1 Ajax Load More | 2025-02-27 | 5.4 Medium |
| The WordPress Infinite Scroll WordPress plugin before 5.6.0.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-0219 | 1 Wpmanageninja | 1 Fluentsmtp | 2025-02-27 | 5.4 Medium |
| The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. | ||||
| CVE-2023-24279 | 1 Opennetworking | 1 Onos | 2025-02-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. | ||||
| CVE-2023-25593 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 7.1 High |
| Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2023-25592 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 7.1 High |
| Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | ||||
| CVE-2023-26457 | 1 Sap | 1 Content Server | 2025-02-27 | 6.1 Medium |
| SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can read and modify some sensitive information but cannot delete the data. | ||||
| CVE-2024-2247 | 1 Jfrog | 1 Artifactory | 2025-02-27 | 8.8 High |
| JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism. | ||||