Export limit exceeded: 47462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-47110 1 Adobe 3 Commerce, Commerce B2b, Magento 2025-07-15 8.4 High
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Scope is changed to that of other high-privileged accounts, leading to a high impact on confidentiality, integrity, and availability.
CVE-2024-8907 1 Google 2 Android, Chrome 2025-07-15 6.1 Medium
Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)
CVE-2019-17659 1 Fortinet 1 Fortisiem 2025-07-15 3.6 Low
A use of hard-coded cryptographic key vulnerability in FortiSIEM version 5.2.6 may allow a remote unauthenticated attacker to obtain SSH access to the supervisor as the restricted user "tunneluser" by leveraging knowledge of the private key from another installation or a firmware image.
CVE-2024-11850 1 Langgenius 1 Dify 2025-07-15 5.4 Medium
A stored cross-site scripting (XSS) vulnerability exists in the latest version of langgenius/dify. The vulnerability is due to improper validation and sanitization of user input in SVG markdown support within the chatbot feature. An attacker can exploit this vulnerability by injecting malicious SVG content, which can execute arbitrary JavaScript code when viewed by an admin, potentially leading to credential theft.
CVE-2025-20250 1 Cisco 1 Webex Meetings 2025-07-14 6.1 Medium
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVE-2025-20247 1 Cisco 1 Webex Meetings 2025-07-14 6.1 Medium
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVE-2025-20246 1 Cisco 1 Webex Meetings 2025-07-14 6.1 Medium
A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input. An attacker could exploit this vulnerability by persuading a user to follow a malicious link. A successful exploit could allow the attacker to conduct a cross-site scripting attack against the targeted user.
CVE-2024-29855 1 Veeam 1 Recovery Orchestrator 2025-07-14 N/A
Hard-coded JWT secret allows authentication bypass in Veeam Recovery Orchestrator
CVE-2024-53679 1 Apache 1 Vcl 2025-07-14 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights. This issue affects all versions of Apache VCL through 2.5.1. Users are recommended to upgrade to version 2.5.2, which fixes the issue.
CVE-2024-11824 1 Langgenius 1 Dify 2025-07-14 7.6 High
A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like <input> and <form> are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an admin views the log containing the malicious HTML, the attacker could steal the admin's credentials or sensitive information. This issue is fixed in version 0.12.1.
CVE-2025-22243 2 Broadcom, Vmware 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more 2025-07-14 7.5 High
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVE-2025-22244 2 Broadcom, Vmware 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more 2025-07-14 6.9 Medium
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVE-2025-22245 2 Broadcom, Vmware 4 Vmware Nsx, Cloud Foundation, Telco Cloud Infrastructure and 1 more 2025-07-14 5.9 Medium
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVE-2025-25247 1 Apache 1 Felix Webconsole 2025-07-14 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8. Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.
CVE-2025-27888 1 Apache 1 Druid 2025-07-14 5.4 Medium
Severity: medium (5.8) / important Server-Side Request Forgery (SSRF), Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Druid. This issue affects all previous Druid versions. When using the Druid management proxy, a request that has a specially crafted URL could be used to redirect the request to an arbitrary server instead. This has the potential for XSS or XSRF. The user is required to be authenticated for this exploit. The management proxy is enabled in Druid's out-of-box configuration. It may be disabled to mitigate this vulnerability. If the management proxy is disabled, some web console features will not work properly, but core functionality is unaffected. Users are recommended to upgrade to Druid 31.0.2 or Druid 32.0.1, which fixes the issue.
CVE-2024-56916 1 Netbox 1 Netbox 2025-07-13 6.1 Medium
In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.
CVE-2024-56917 1 Netbox 1 Netbox 2025-07-13 7.1 High
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.
CVE-2025-25905 2 4pace, Cadclick 2 Cadclick, Cadclick 2025-07-13 7.1 High
Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.
CVE-2024-56918 1 Netbox 1 Netbox 2025-07-13 6.1 Medium
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.
CVE-2025-5194 2 Wordpress, Wp Map Block Project 2 Wordpress, Wp Map Block 2025-07-13 4.8 Medium
The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.