Search Results (45986 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51732 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2025-06-02 | 6.9 Medium |
| This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | ||||
| CVE-2023-51736 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2025-06-02 | 6.9 Medium |
| This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | ||||
| CVE-2023-51739 | 1 Skyworthdigital | 2 Cm5100, Cm5100 Firmware | 2025-06-02 | 6.9 Medium |
| This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system. | ||||
| CVE-2023-6184 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-06-02 | 5 Medium |
| Cross-site scripting vulnerability in Citrix Session Recording allows an attacker to perform cross-site scripting. | ||||
| CVE-2023-7153 | 1 Macroturk | 1 Macro-bel | 2025-06-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS. This issue affects Macro-Bel: before V.1.0.1. | ||||
| CVE-2024-21726 | 1 Joomla | 1 Joomla! | 2025-06-02 | 6.5 Medium |
| Inadequate content filtering leads to XSS vulnerabilities in various components. | ||||
| CVE-2024-28070 | 1 Mitel | 1 Micontact Center Business | 2025-06-02 | 6.8 Medium |
| A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access. | ||||
| CVE-2024-26468 | 1 Jstrieb | 1 Url Pages | 2025-06-02 | 6.1 Medium |
| A DOM-based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary JavaScript by sending a crafted URL. | ||||
| CVE-2024-26467 | 1 Tabatkins | 1 Railroad-diagram Generator | 2025-06-02 | 6.1 Medium |
| A DOM-based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary JavaScript by sending a crafted URL. | ||||
| CVE-2024-22569 | 1 Poscms | 1 Poscms | 2025-05-30 | 5.4 Medium |
| Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2 allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0. | ||||
| CVE-2024-6487 | 1 Data443 | 1 Inline Related Posts | 2025-05-30 | 5.9 Medium |
| The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-6021 | 1 Bharatkambariya | 1 Donation Block For Paypal | 2025-05-30 | 6.8 Medium |
| The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability | ||||
| CVE-2024-3113 | 1 Devsabbirahmed | 1 Simple Form | 2025-05-30 | 5.9 Medium |
| The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2024-36782 | 1 Totolink | 2 Cp300, Cp300 Firmware | 2025-05-30 | 9.8 Critical |
| TOTOLINK CP300 V2.0.4-B20201102 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in as root. | ||||
| CVE-2024-34000 | 1 Moodle | 1 Moodle | 2025-05-30 | 4.3 Medium |
| ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS risk. | ||||
| CVE-2024-33998 | 1 Moodle | 1 Moodle | 2025-05-30 | 5.4 Medium |
| Insufficient escaping of participants' names in the participants page table resulted in a stored XSS risk when interacting with some features. | ||||
| CVE-2024-33997 | 1 Moodle | 1 Moodle | 2025-05-30 | 6.1 Medium |
| Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk when editing another user's equation. | ||||
| CVE-2023-41103 | 1 Interactsoftware | 1 Interact | 2025-05-30 | 5.4 Medium |
| Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. | ||||
| CVE-2023-35792 | 1 Vound-software | 1 Intella Connect | 2025-05-30 | 5.4 Medium |
| Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). | ||||
| CVE-2023-31223 | 1 Dradisframework | 1 Dradis | 2025-05-30 | 8.7 High |
| Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | ||||