Export limit exceeded: 18629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-37535 | 1 Hcltech | 1 Domino Leap | 2025-10-30 | 7.1 High |
| Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters. | ||||
| CVE-2024-11182 | 1 Mdaemon | 1 Mdaemon | 2025-10-30 | 6.1 Medium |
| An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window. | ||||
| CVE-2023-5631 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2025-10-30 | 6.1 Medium |
| Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. | ||||
| CVE-2025-12333 | 2 Code-projects, Fabian | 2 E-commerce Website, E-commerce Website | 2025-10-30 | 4.3 Medium |
| A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-3272 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-322l and 37 more | 2025-10-30 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. | ||||
| CVE-2025-50055 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2025-10-30 | 6.4 Medium |
| Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter | ||||
| CVE-2025-2161 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 7.1 High |
| Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-2160 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 8.1 High |
| Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-32809 | 1 Wwnorton | 1 Inquizitive | 2025-10-30 | 6.4 Medium |
| W. W. Norton InQuizitive through 2025-04-08 allows students to conduct stored XSS attacks against educators via a bonus description, feedback.choice_fb[], or question_id. | ||||
| CVE-2025-8848 | 1 Librechat | 1 Librechat | 2025-10-30 | 5.4 Medium |
| A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header, arbitrary HTML can be injected into the <html lang=""> tag of the response. This can lead to potential security risks such as cross-site scripting (XSS) attacks. | ||||
| CVE-2023-36800 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | ||||
| CVE-2023-38164 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-36886 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2025-62528 | 1 Taguette | 1 Taguette | 2025-10-30 | 5.4 Medium |
| Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0. | ||||
| CVE-2025-10869 | 1 Oct8ne | 1 Chatbot | 2025-10-30 | 6.1 Medium |
| Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through /Data/SaveInteractions. | ||||
| CVE-2025-55033 | 2 Apple, Mozilla | 3 Ios, Firefox Focus, Focus For Ios | 2025-10-30 | 6.1 Medium |
| Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks This vulnerability affects Focus for iOS < 142. | ||||
| CVE-2024-43573 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-10-30 | 6.5 Medium |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-12374 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-10-30 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser. | ||||
| CVE-2025-12290 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2025-10-30 | 4.3 Medium |
| A vulnerability has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this issue is some unknown functionality of the file /i/359. The manipulation of the argument keywords leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-12289 | 1 Sui Shang Information Technology | 1 Multi-user Mall System | 2025-10-30 | 4.3 Medium |
| A flaw has been found in Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. Affected by this vulnerability is an unknown functionality of the file /Point/index/activity_state/1/category_id/1001. Executing manipulation of the argument category_id can lead to cross site scripting. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||