Search Results (45581 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23800 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components. | ||||
| CVE-2021-26035 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to an XSS vulnerability. | ||||
| CVE-2021-23129 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages shown to users could lead to XSS issues. | ||||
| CVE-2022-23801 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS attack vector through SVG embedding in com_media. | ||||
| CVE-2021-26032 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. | ||||
| CVE-2021-23130 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to XSS issues. | ||||
| CVE-2021-23124 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks. | ||||
| CVE-2022-23796 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.7.0 through 3.10.6. Lack of input validation could allow an XSS attack using com_fields. | ||||
| CVE-2021-26039 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to an XSS vulnerability. | ||||
| CVE-2021-26030 | 1 Joomla | 1 Joomla\! | 2026-02-25 | 6.1 Medium |
| An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page. | ||||
| CVE-2025-13523 | 1 Mattermost | 1 Confluence | 2026-02-24 | 7.7 High |
| Mattermost Confluence plugin version <1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connection link that, when visited, renders the attacker's display name without proper sanitization. Mattermost Advisory ID: MMSA-2025-00557 | ||||
| CVE-2022-3194 | 1 Dokan | 1 Dokan | 2026-02-24 | 5.4 Medium |
| The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. | ||||
| CVE-2025-62326 | 1 Hcltech | 1 Digital Experience | 2026-02-24 | 6.1 Medium |
| HCL Digital Experience is susceptible to stored cross-site scripting (XSS) in the administrative user interface which would require elevated privileges to exploit. | ||||
| CVE-2022-22529 | 1 Sap | 1 Enterprise Threat Detection | 2026-02-24 | 6.1 Medium |
| SAP Enterprise Threat Detection (ETD) version 2.0 does not sufficiently encode user-controlled inputs, which may allow an unauthorized attacker to exploit an XSS vulnerability. The UIs in ETD use SAP UI5 standard controls; the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI. | ||||
| CVE-2025-65027 | 2 Romm.app, Rommapp | 2 Romm, Romm | 2026-02-24 | 7.6 High |
| RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed, the browser executes embedded JavaScript, leading to stored Cross-Site Scripting (XSS) which, when combined with a CSRF misconfiguration, leads to full administrative account takeover, creating a rogue admin account, escalating the attacker account role to admin, and much more. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2. | ||||
| CVE-2022-0565 | 1 Pimcore | 1 Pimcore | 2026-02-24 | 7.6 High |
| Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. | ||||
| CVE-2022-0282 | 1 Microweber | 1 Microweber | 2026-02-24 | 4.3 Medium |
| Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0121 | 1 Hoppscotch | 1 Hoppscotch | 2026-02-24 | 8 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch. This issue affects hoppscotch/hoppscotch before 2.1.1. | ||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2026-02-24 | 7.6 High |
| A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when a Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and the HTML files are accessed directly by the victim. Combining these 2 vulnerabilities, an attacker is able to upload malicious Power BI template files to the server using the victim's session, run scripts in the security context of the user, and perform privilege escalation if the victim has admin privileges, when the victim accesses one of the HTML files present in the uploaded malicious Power BI template. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitizes file uploads. | ||||
| CVE-2023-30860 | 1 Wwbn | 1 Avideo | 2026-02-24 | 8 High |
| WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user to that Meeting, but it does not properly sanitize malicious characters when creating a Meeting Room. This allows an attacker to insert malicious scripts. Since any USER, including the ADMIN, can see the meeting room that was created by the attacker, this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | ||||