Search Results (46823 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54048 | 1 Adobe | 1 Connect | 2025-01-15 | 6.1 Medium |
| Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2024-28853 | 1 Ampache | 1 Ampache | 2025-01-15 | 3.9 Low |
| Ampache is a web-based audio/video streaming application and file manager. Stored Cross Site Scripting (XSS) vulnerability in ampache before v6.3.1 allows a remote attacker to execute code via a crafted payload to several parameters in the POST request of /preferences.php?action=admin_update_preferences. This vulnerability is fixed in 6.3.1. | ||||
| CVE-2024-54032 | 1 Adobe | 1 Connect | 2025-01-15 | 9.3 Critical |
| Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. | ||||
| CVE-2023-49971 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2025-01-15 | 4.7 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-49973 | 1 Oretnom23 | 1 Customer Support System | 2025-01-15 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-2817 | 1 Craftcms | 1 Craft Cms | 2025-01-15 | 5.4 Medium |
| A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | ||||
| CVE-2023-21516 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-37411 | 1 Ibm | 1 Aspera Faspex | 2025-01-14 | 4.8 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139. | ||||
| CVE-2023-33780 | 1 Invernyx | 1 Smartcars 3 | 2025-01-14 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. | ||||
| CVE-2023-38723 | 1 Ibm | 1 Maximo Application Suite | 2025-01-14 | 6.4 Medium |
| IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192. | ||||
| CVE-2023-45181 | 1 Ibm | 1 Jazz Foundation | 2025-01-14 | 6.1 Medium |
| IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2023-33197 | 1 Craftcms | 1 Craft Cms | 2025-01-14 | 5.5 Medium |
| Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. | ||||
| CVE-2021-43929 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 6.5 Medium |
| Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2018-8917 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | ||||
| CVE-2018-13293 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter. | ||||
| CVE-2017-16774 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | N/A |
| Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. | ||||
| CVE-2023-33196 | 1 Craftcms | 1 Craft Cms | 2025-01-14 | 5.5 Medium |
| Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. | ||||
| CVE-2023-33194 | 2 Craftcms, Craftercms | 2 Craft Cms, Craftercms | 2025-01-14 | 3.7 Low |
| Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. | ||||
| CVE-2023-2009 | 1 Pretty Url Project | 1 Pretty Url | 2025-01-14 | 4.8 Medium |
| Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2023-2947 | 1 Open-emr | 1 Openemr | 2025-01-14 | 4.8 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | ||||