Export limit exceeded: 46892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23647 | 1 Boxbilling | 1 Boxbilling | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | ||||
| CVE-2020-21643 | 1 Hongcms Project | 1 Hongcms | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | ||||
| CVE-2023-37936 | 1 Fortinet | 1 Fortiswitch | 2025-01-31 | 9.6 Critical |
| A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests. | ||||
| CVE-2023-28820 | 1 Concretecms | 1 Concrete Cms | 2025-01-31 | 2 Low |
| Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | ||||
| CVE-2023-28471 | 1 Concretecms | 1 Concrete Cms | 2025-01-31 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. | ||||
| CVE-2022-41399 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.5 High |
| The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | ||||
| CVE-2022-41398 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.5 High |
| The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | ||||
| CVE-2023-30125 | 1 Eyoucms | 1 Eyoucms | 2025-01-31 | 6.1 Medium |
| EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2024-57386 | 1 Wallosapp | 1 Wallos | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function. | ||||
| CVE-2023-31664 | 1 Wso2 | 1 Api Manager | 2025-01-31 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | ||||
| CVE-2024-5165 | 1 Eclipse | 1 Ditto | 2025-01-31 | 6.5 Medium |
| In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users. | ||||
| CVE-2023-27921 | 1 Jins | 2 Jins Meme, Jins Meme Firmware | 2025-01-31 | 6.5 Medium |
| JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | ||||
| CVE-2023-25440 | 1 Civicrm | 1 Civicrm | 2025-01-31 | 5.4 Medium |
| Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | ||||
| CVE-2023-2339 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2025-24459 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | 4.6 Medium |
| In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | ||||
| CVE-2023-30454 | 1 Ebankit | 1 Ebankit | 2025-01-30 | 6.1 Medium |
| An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button. | ||||
| CVE-2023-30405 | 1 Aigital | 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware | 2025-01-30 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup. | ||||
| CVE-2023-30205 | 1 Douphp | 1 Douphp | 2025-01-30 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. | ||||
| CVE-2022-41400 | 1 Sage | 1 Sage 300 | 2025-01-30 | 9.8 Critical |
| Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | ||||
| CVE-2023-24966 | 1 Ibm | 1 Websphere Application Server | 2025-01-30 | 6.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | ||||