Export limit exceeded: 45687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45687 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36800 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Dynamics Finance and Operations Cross-site Scripting Vulnerability | ||||
| CVE-2023-38164 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-36886 | 1 Microsoft | 1 Dynamics 365 | 2025-10-30 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2025-62528 | 1 Taguette | 1 Taguette | 2025-10-30 | 5.4 Medium |
| Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put JavaScript in name or description fields which would run on project load. This issue has been patched in version 1.5.0. | ||||
| CVE-2025-10869 | 1 Oct8ne | 1 Chatbot | 2025-10-30 | 6.1 Medium |
| Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the creation of a transcript that is sent by email. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user, through /Data/SaveInteractions. | ||||
| CVE-2024-43573 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-10-30 | 6.5 Medium |
| Windows MSHTML Platform Spoofing Vulnerability | ||||
| CVE-2024-12374 | 1 Automatic1111 | 1 Stable-diffusion-webui | 2025-10-30 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in automatic1111/stable-diffusion-webui version git 82a973c. An attacker can upload an HTML file, which the application interprets as content-type application/html. If a victim accesses the malicious link, it will execute arbitrary JavaScript in the victim's browser. | ||||
| CVE-2025-25009 | 1 Elastic | 1 Kibana | 2025-10-30 | 8.7 High |
| Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload. | ||||
| CVE-2025-25017 | 1 Elastic | 1 Kibana | 2025-10-30 | 8.2 High |
| Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS) | ||||
| CVE-2025-52620 | 1 Hcltech | 1 Bigfix Saas | 2025-10-29 | 4.3 Medium |
| HCL BigFix SaaS Authentication Service is affected by a Cross-Site Scripting (XSS) vulnerability. The image upload functionality inadequately validated the submitted image format. | ||||
| CVE-2025-58747 | 1 Langgenius | 1 Dify | 2025-10-29 | 6.1 Medium |
| Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url provided by a remote MCP server is directly passed to window.open without validation or sanitization. An attacker can craft a malicious MCP server that returns a JavaScript URI (such as javascript:alert(1)) in the authorization_url field, which is then executed when the victim attempts to connect to the MCP server. This allows the attacker to execute arbitrary JavaScript in the context of the Dify application. | ||||
| CVE-2025-8681 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-29 | 5.5 Medium |
| Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role. | ||||
| CVE-2023-7143 | 1 Fabian | 1 Client Details System | 2025-10-29 | 2.4 Low |
| A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-41299 | 1 Ibm | 1 Transformation Advisor | 2025-10-29 | 4.4 Medium |
| IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 237214. | ||||
| CVE-2025-60302 | 2 Code-projects, Fabian | 2 Client Details System, Client Details System | 2025-10-29 | 6.1 Medium |
| code-projects Client Details System 1.0 is vulnerable to Cross Site Scripting (XSS). When adding customer information, the client details system fills in malicious JavaScript code in the username field. | ||||
| CVE-2024-12211 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Platform | 2025-10-29 | 5.4 Medium |
| Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. | ||||
| CVE-2024-39594 | 1 Sap | 2 Business Warehouse, Business Warehouse Virtual Comp | 2025-10-29 | 6.1 Medium |
| SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause low impact on the confidentiality and integrity of the application. | ||||
| CVE-2021-31693 | 1 10web | 1 Photo Gallery | 2025-10-29 | 6.1 Medium |
| The 10Web Photo Gallery plugin through 1.5.68 for WordPress allows XSS via album_gallery_id_0, bwg_album_search_0, and type_0 for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-46889. NOTE: VMware information, previously connected to this CVE ID because of a typo, is at CVE-2022-31693. | ||||
| CVE-2024-3575 | 1 Mindsdb | 1 Mindsdb | 2025-10-29 | 6.1 Medium |
| Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb | ||||
| CVE-2024-5410 | 1 Oringnet | 2 Iap-420, Iap-420 Firmware | 2025-10-29 | 5.4 Medium |
| Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | ||||