Export limit exceeded: 47462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2328 1 Pimcore 1 Pimcore 2025-01-31 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2022-2430 1 Visualcomposer 1 Visual Composer Website Builder 2025-01-31 6.4 Medium
The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2022-2937 1 Oxilab 1 Image Hover Effects Ultimate 2025-01-31 6.4 Medium
The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users.
CVE-2023-2322 1 Pimcore 1 Pimcore 2025-01-31 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2323 1 Pimcore 1 Pimcore 2025-01-31 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2327 1 Pimcore 1 Pimcore 2025-01-31 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2340 1 Pimcore 1 Pimcore 2025-01-31 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2341 1 Pimcore 1 Pimcore 2025-01-31 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2342 1 Pimcore 1 Pimcore 2025-01-31 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-33751 1 Mipjz Project 1 Mipjz 2025-01-31 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.
CVE-2023-33750 1 Mipjz Project 1 Mipjz 2025-01-31 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.
CVE-2023-33599 1 Easyimages2.0 Project 1 Easyimages2.0 2025-01-31 6.1 Medium
EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.
CVE-2023-32766 1 Gitpod 1 Gitpod 2025-01-31 6.1 Medium
Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:).
CVE-2022-41397 1 Sage 1 Sage 300 2025-01-31 9.8 Critical
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
CVE-2020-23647 1 Boxbilling 1 Boxbilling 2025-01-31 6.1 Medium
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.
CVE-2020-21643 1 Hongcms Project 1 Hongcms 2025-01-31 6.1 Medium
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.
CVE-2023-37936 1 Fortinet 1 Fortiswitch 2025-01-31 9.6 Critical
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests.
CVE-2023-28820 1 Concretecms 1 Concrete Cms 2025-01-31 2 Low
Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.
CVE-2023-28471 1 Concretecms 1 Concrete Cms 2025-01-31 5.4 Medium
Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name.
CVE-2022-41399 1 Sage 1 Sage 300 2025-01-31 7.5 High
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database.