Export limit exceeded: 47462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2328 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2022-2430 | 1 Visualcomposer | 1 Visual Composer Website Builder | 2025-01-31 | 6.4 Medium |
| The Visual Composer Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Text Block' feature in versions up to, and including, 45.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with access to the visual composer editor to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-2937 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-01-31 | 6.4 Medium |
| The Image Hover Effects Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title & Description values that can be added to an Image Hover in versions up to, and including, 9.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, the plugin only allows administrators access to edit Image Hovers, however, if a site admin makes the plugin's features available to lower privileged users through the 'Who Can Edit?' setting then this can be exploited by those users. | ||||
| CVE-2023-2322 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2323 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2327 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2340 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2341 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 6.1 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2342 | 1 Pimcore | 1 Pimcore | 2025-01-31 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-33751 | 1 Mipjz Project | 1 Mipjz | 2025-01-31 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. | ||||
| CVE-2023-33750 | 1 Mipjz Project | 1 Mipjz | 2025-01-31 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. | ||||
| CVE-2023-33599 | 1 Easyimages2.0 Project | 1 Easyimages2.0 | 2025-01-31 | 6.1 Medium |
| EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. | ||||
| CVE-2023-32766 | 1 Gitpod | 1 Gitpod | 2025-01-31 | 6.1 Medium |
| Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). | ||||
| CVE-2022-41397 | 1 Sage | 1 Sage 300 | 2025-01-31 | 9.8 Critical |
| The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | ||||
| CVE-2020-23647 | 1 Boxbilling | 1 Boxbilling | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | ||||
| CVE-2020-21643 | 1 Hongcms Project | 1 Hongcms | 2025-01-31 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | ||||
| CVE-2023-37936 | 1 Fortinet | 1 Fortiswitch | 2025-01-31 | 9.6 Critical |
| A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests. | ||||
| CVE-2023-28820 | 1 Concretecms | 1 Concrete Cms | 2025-01-31 | 2 Low |
| Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | ||||
| CVE-2023-28471 | 1 Concretecms | 1 Concrete Cms | 2025-01-31 | 5.4 Medium |
| Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. | ||||
| CVE-2022-41399 | 1 Sage | 1 Sage 300 | 2025-01-31 | 7.5 High |
| The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | ||||