Export limit exceeded: 46892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-47877 | 1 Jedox | 1 Jedox | 2025-01-30 | 9.6 Critical |
| A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | ||||
| CVE-2023-1861 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2025-01-30 | 5.4 Medium |
| The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | ||||
| CVE-2023-1805 | 1 Pixelyoursite | 1 Product Catalog Feed | 2025-01-30 | 6.1 Medium |
| The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-1804 | 1 Pixelyoursite | 1 Product Catalog Feed | 2025-01-30 | 6.1 Medium |
| The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | ||||
| CVE-2023-1614 | 1 Wp Custom Author Url Project | 1 Wp Custom Author Url | 2025-01-30 | 4.8 Medium |
| The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-1554 | 1 Fullworksplugins | 1 Quick Paypal Payments | 2025-01-30 | 4.8 Medium |
| The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1546 | 1 Plainviewplugins | 1 Mycryptocheckout | 2025-01-30 | 6.1 Medium |
| The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | ||||
| CVE-2023-1525 | 1 Geminilabs | 1 Site Reviews | 2025-01-30 | 4.8 Medium |
| The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-1090 | 1 Smtp Mailing Queue Project | 1 Smtp Mailing Queue | 2025-01-30 | 4.8 Medium |
| The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-1021 | 1 Amr-ical-events-list Project | 1 Amr-ical-events-list | 2025-01-30 | 4.8 Medium |
| The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2023-0891 | 1 Codestag | 1 Stagtools | 2025-01-30 | 5.4 Medium |
| The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2023-1384 | 2 Amazon, Bestbuy | 3 Fire Os, Fire Tv Stick 3rd Gen, Insignia Tv | 2025-01-30 | 4.3 Medium |
| The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS versions prior to 7.6.3.3. | ||||
| CVE-2024-9672 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-01-30 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur. | ||||
| CVE-2023-24744 | 1 Rediker | 1 Adminplus | 2025-01-29 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. | ||||
| CVE-2023-1836 | 1 Gitlab | 1 Gitlab | 2025-01-29 | 4.4 Medium |
| A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances | ||||
| CVE-2024-22359 | 1 Ibm | 2 Devops Deploy, Urbancode Deploy | 2025-01-29 | 6.1 Medium |
| IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897. | ||||
| CVE-2024-49806 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2024-49805 | 1 Ibm | 1 Security Verify Access | 2025-01-29 | 9.4 Critical |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | ||||
| CVE-2023-31799 | 1 Chamilo | 1 Chamilo Lms | 2025-01-29 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | ||||
| CVE-2023-30334 | 1 Asmbb Project | 1 Asmbb | 2025-01-29 | 6.1 Medium |
| AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. | ||||