Search Results (45979 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23941 | 1 Group-office | 1 Group Office | 2025-06-04 | 5.4 Medium |
| Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | ||||
| CVE-2024-23453 | 1 Spooncast | 1 Spoon | 2025-06-04 | 5.5 Medium |
| Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service. | ||||
| CVE-2024-23172 | 1 Mediawiki | 1 Mediawiki | 2025-06-04 | 5.4 Medium |
| An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog. | ||||
| CVE-2024-23031 | 1 Eyoucms | 1 Eyoucms | 2025-06-04 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL. | ||||
| CVE-2022-37137 | 1 Techvill | 1 Paymoney | 2025-06-04 | 5.4 Medium |
| PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket. The XSS can be obtained by injecting a specially crafted payload under the "Message" field with the "description" parameter to gain Stored XSS. The XSS will then prompt after that or can be accessed from the view ticket function. | ||||
| CVE-2024-13252 | 1 Tacjs Project | 1 Tacjs | 2025-06-04 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0. | ||||
| CVE-2025-48483 | 1 Freescout | 1 Freescout | 2025-06-04 | 5.4 Medium |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Additionally, if an administrator accesses one of these emails with a modified signature, it could result in a subsequent Cross-Site Request Forgery (CSRF) vulnerability. This issue has been patched in version 1.8.180. | ||||
| CVE-2025-48484 | 1 Freescout | 1 Freescout | 2025-06-04 | 5.4 Medium |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in version 1.8.178. | ||||
| CVE-2024-13247 | 1 Coffee Project | 1 Coffee | 2025-06-04 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0. | ||||
| CVE-2025-31679 | 1 Ignition Error Pages Project | 1 Ignition Error Pages | 2025-06-04 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Ignition Error Pages allows Cross-Site Scripting (XSS). This issue affects Ignition Error Pages: from 0.0.0 before 1.0.4. | ||||
| CVE-2023-5958 | 1 Wpexperts | 1 Post Smtp | 2025-06-04 | 6.1 Medium |
| The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users. | ||||
| CVE-2025-48485 | 1 Freescout | 1 Freescout | 2025-06-04 | 5.4 Medium |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data when an authenticated user updates the profile of an arbitrary customer. This issue has been patched in version 1.8.180. | ||||
| CVE-2024-23553 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | 3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific HTTP header attribute. | ||||
| CVE-2024-22241 | 1 Vmware | 1 Aria Operations For Networks | 2025-06-03 | 4.3 Medium |
| Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and take over the user account. | ||||
| CVE-2024-22238 | 1 Vmware | 1 Aria Operations For Networks | 2025-06-03 | 6.4 Medium |
| Aria Operations for Networks contains a cross-site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization. | ||||
| CVE-2024-1143 | 1 Linecorp | 1 Central Dogma | 2025-06-03 | 9.3 Critical |
| Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass. | ||||
| CVE-2023-50933 | 1 Ibm | 1 Powersc | 2025-06-03 | 6.1 Medium |
| IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 275113. | ||||
| CVE-2023-37531 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | 3.3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a form field of a webpage by a user with privileged access. | ||||
| CVE-2023-37530 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | 3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information. | ||||
| CVE-2023-37529 | 1 Hcltech | 1 Bigfix Platform | 2025-06-03 | 3 Low |
| A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious JavaScript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530. | ||||