Export limit exceeded: 367176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47476 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-49971 2 Oretnom23, Sourcecodester 2 Customer Support System, Customer Support System 2025-01-15 4.7 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list.
CVE-2023-49973 1 Oretnom23 1 Customer Support System 2025-01-15 6.1 Medium
A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list.
CVE-2023-2817 1 Craftcms 1 Craft Cms 2025-01-15 5.4 Medium
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.
CVE-2023-21516 1 Samsung 1 Galaxy Store 2025-01-15 7.5 High
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-37411 1 Ibm 1 Aspera Faspex 2025-01-14 4.8 Medium
IBM Aspera Faspex 5.0.0 through 5.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260139.
CVE-2023-33780 1 Invernyx 1 Smartcars 3 2025-01-14 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.
CVE-2023-38723 1 Ibm 1 Maximo Application Suite 2025-01-14 6.4 Medium
IBM Maximo Application Suite 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262192.
CVE-2023-45181 1 Ibm 1 Jazz Foundation 2025-01-14 6.1 Medium
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-33197 1 Craftcms 1 Craft Cms 2025-01-14 5.5 Medium
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
CVE-2017-16774 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter.
CVE-2018-8917 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Cross-site scripting (XSS) vulnerability in info.cgi in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter.
CVE-2021-43929 1 Synology 1 Diskstation Manager 2025-01-14 6.5 Medium
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-13293 1 Synology 1 Diskstation Manager 2025-01-14 N/A
Cross-site scripting (XSS) vulnerability in Control Panel SSO Settings in Synology DiskStation Manager (DSM) before 6.2.1-23824 allows remote authenticated users to inject arbitrary web script or HTML via the URL parameter.
CVE-2023-33196 1 Craftcms 1 Craft Cms 2025-01-14 5.5 Medium
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33194 2 Craftcms, Craftercms 2 Craft Cms, Craftercms 2025-01-14 3.7 Low
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.
CVE-2023-2009 1 Pretty Url Project 1 Pretty Url 2025-01-14 4.8 Medium
Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-2947 1 Open-emr 1 Openemr 2025-01-14 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-32325 1 Posthog 1 Posthog-js 2025-01-14 5.4 Medium
PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.
CVE-2023-33195 1 Craftcms 1 Craft Cms 2025-01-14 5 Medium
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
CVE-2023-32686 1 Kiwitcms 1 Kiwi Tcms 2025-01-14 8.1 High
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3.