Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 47474 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47474 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26100 | 1 Progress | 1 Flowmon Os | 2025-02-05 | 6.1 Medium |
| In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser. | ||||
| CVE-2022-42973 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2025-02-05 | 7.8 High |
| A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | ||||
| CVE-2022-43376 | 1 Schneider-electric | 10 Netbotz 355, Netbotz 355 Firmware, Netbotz 450 and 7 more | 2025-02-05 | 7.6 High |
| A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause code and session manipulation when malicious code is inserted into the browser. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) | ||||
| CVE-2023-5946 | 1 Evarisk | 1 Digirisk | 2025-02-05 | 6.1 Medium |
| The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2017-1563 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | N/A |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. | ||||
| CVE-2017-1567 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | N/A |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | ||||
| CVE-2017-1540 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | N/A |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. | ||||
| CVE-2017-1532 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | N/A |
| IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | ||||
| CVE-2022-48020 | 1 Vinteo | 1 Video Core | 2025-02-05 | 6.1 Medium |
| Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser. | ||||
| CVE-2023-39308 | 1 Monsterinsights | 1 Userfeedback | 2025-02-05 | 7.1 High |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions. | ||||
| CVE-2024-57556 | 1 Nbubna | 1 Store | 2025-02-05 | 6.1 Medium |
| Cross Site Scripting vulnerability in nbubna store v.2.14.2 and before allows a remote attacker to execute arbitrary code via the store.deep.js component | ||||
| CVE-2024-28097 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 7.3 High |
| Calendar functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | ||||
| CVE-2024-28096 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 7.3 High |
| Class functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | ||||
| CVE-2024-28095 | 1 Schoolbox | 1 Schoolbox | 2025-02-05 | 7.3 High |
| News functionality in Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting allowing authenticated attacker to perform security actions in the context of the affected users. | ||||
| CVE-2023-26599 | 1 Uniguest | 1 Tripleplay | 2025-02-05 | 6.1 Medium |
| XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. | ||||
| CVE-2023-30614 | 1 Pay Project | 1 Pay | 2025-02-05 | 7.1 High |
| Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-2099 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2025-02-05 | 3.5 Low |
| A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107. | ||||
| CVE-2023-2155 | 1 Air Cargo Management System Project | 1 Air Cargo Management System | 2025-02-05 | 2.4 Low |
| A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file classes/Master.php?f=save_cargo_type. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226276. | ||||
| CVE-2023-27777 | 1 Online Jewelry Shop Project | 1 Online Jewelry Shop | 2025-02-05 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. | ||||
| CVE-2023-27776 | 1 Online Jewelry Shop Project | 1 Online Jewelry Shop | 2025-02-05 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter. | ||||