Export limit exceeded: 44815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44815 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36605 | 1 Dell | 1 Unity Operating Environment | 2025-08-15 | 6.1 Medium |
| Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | ||||
| CVE-2025-50592 | 1 Seacms | 1 Seacms | 2025-08-15 | 5.4 Medium |
| Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player. | ||||
| CVE-2022-43850 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2025-08-15 | 5.4 Medium |
| IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-49337 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-08-15 | 5.4 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field of an object to inject malicious script into an email which would be executed in a victim's mail client within the security context of the OpenPages mail message. An attacker could use this for phishing or identity theft attacks. | ||||
| CVE-2024-52902 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-08-15 | 8.8 High |
| IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system. | ||||
| CVE-2024-56341 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2025-08-15 | 5.4 Medium |
| IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2024-28776 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-08-15 | 5.4 Medium |
| IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-46199 | 1 Getgrav | 1 Grav | 2025-08-15 | 9.8 Critical |
| Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields | ||||
| CVE-2024-42346 | 1 Galaxyproject | 1 Galaxy | 2025-08-15 | 7.6 High |
| Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-47075 | 1 Layui | 1 Layui | 2025-08-15 | 6.4 Medium |
| LayUI is a native minimalist modular Web UI component library. Versions prior to 2.9.17 have a DOM Clobbering vulnerability that can lead to Cross-site Scripting (XSS) on web pages where attacker-controlled HTML elements (e.g., `img` tags with unsanitized `name` attributes) are present. Version 2.9.17 fixes this issue. | ||||
| CVE-2025-23227 | 3 Ibm, Linux, Microsoft | 4 Aix, Tivoli Application Dependency Discovery Manager, Linux Kernel and 1 more | 2025-08-15 | 6.4 Medium |
| IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-32932 | 1 Fortinet | 1 Fortisoar | 2025-08-15 | 6.2 Medium |
| An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all versions WEB UI may allow an authenticated remote attacker to perform an XSS attack via stored malicious service requests | ||||
| CVE-2024-54951 | 1 Monicahq | 1 Monica | 2025-08-14 | 5.4 Medium |
| Monica 4.1.2 is vulnerable to Cross Site Scripting (XSS). A malicious user can create a malformed contact and use that contact in the "HOW YOU MET" customization options to trigger the XSS. | ||||
| CVE-2024-57329 | 1 Hortusfox | 1 Hortusfox | 2025-08-14 | 5.4 Medium |
| HortusFox v3.9 contains a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript payloads. | ||||
| CVE-2025-53925 | 1 Emlog | 1 Emlog | 2025-08-14 | 5.4 Medium |
| Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload an .svg file that contains JavaScript code that is later executed. As of time of publication, no known patched versions exist. | ||||
| CVE-2025-53926 | 1 Emlog | 1 Emlog | 2025-08-14 | 6.1 Medium |
| Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the comment and comname parameters. Reflected XSS requires the victim to send POST requests, therefore the victim must be persuaded into clicking into sent URL. As of time of publication, no known patched versions exist. | ||||
| CVE-2024-52680 | 1 Eyoucms | 1 Eyoucms | 2025-08-14 | 6.1 Medium |
| EyouCMS 1.6.7 is vulnerable to Cross Site Scripting (XSS) in /login.php?m=admin&c=System&a=web&lang=cn. | ||||
| CVE-2025-29014 | 1 Wordpress | 1 Wordpress | 2025-08-14 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomIt FoodMenu allows Reflected XSS. This issue affects FoodMenu: from n/a through 1.20. | ||||
| CVE-2024-10383 | 1 Gitlab | 2 Gitlab, Gitlab-web-ide-vscode-fork | 2025-08-14 | 8.7 High |
| An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE | ||||
| CVE-2025-33118 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-08-14 | 6.4 Medium |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||