Export limit exceeded: 47459 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47459 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31664 | 1 Wso2 | 1 Api Manager | 2025-01-31 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | ||||
| CVE-2024-5165 | 1 Eclipse | 1 Ditto | 2025-01-31 | 6.5 Medium |
| In Eclipse Ditto versions 3.0.0 to 3.5.5, the user input of several input fields of the Eclipse Ditto Explorer User Interface https://eclipse.dev/ditto/user-interface.html was not properly neutralized and thus vulnerable to both Reflected and Stored XSS (Cross Site Scripting). Several inputs were not persisted at the backend of Eclipse Ditto, but only in local browser storage to save settings of "environments" of the UI and e.g. the last performed "search queries", resulting in a "Reflected XSS" vulnerability. However, several other inputs were persisted at the backend of Eclipse Ditto, leading to a "Stored XSS" vulnerability. Those mean that authenticated and authorized users at Eclipse Ditto can persist Things in Ditto which can - when being displayed by other users also being authorized to see those Things in the Eclipse Ditto UI - cause scripts to be executed in the browser of other users. | ||||
| CVE-2023-27921 | 1 Jins | 2 Jins Meme, Jins Meme Firmware | 2025-01-31 | 6.5 Medium |
| JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | ||||
| CVE-2023-25440 | 1 Civicrm | 1 Civicrm | 2025-01-31 | 5.4 Medium |
| Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | ||||
| CVE-2023-2339 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2025-24459 | 1 Jetbrains | 1 Teamcity | 2025-01-30 | 4.6 Medium |
| In JetBrains TeamCity before 2024.12.1 reflected XSS was possible on the Vault Connection page | ||||
| CVE-2023-30454 | 1 Ebankit | 1 Ebankit | 2025-01-30 | 6.1 Medium |
| An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button. | ||||
| CVE-2023-30405 | 1 Aigital | 2 Wireless-n Repeater Mini Router, Wireless-n Repeater Mini Router Firmware | 2025-01-30 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup. | ||||
| CVE-2023-30205 | 1 Douphp | 1 Douphp | 2025-01-30 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. | ||||
| CVE-2022-41400 | 1 Sage | 1 Sage 300 | 2025-01-30 | 9.8 Critical |
| Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | ||||
| CVE-2023-24966 | 1 Ibm | 1 Websphere Application Server | 2025-01-30 | 6.1 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | ||||
| CVE-2023-2361 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-30123 | 1 Wuzhicms | 1 Wuzhicms | 2025-01-30 | 5.4 Medium |
| wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | ||||
| CVE-2023-2343 | 1 Pimcore | 1 Pimcore | 2025-01-30 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | ||||
| CVE-2023-2386 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2025-01-30 | 2.4 Low |
| A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2390 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2025-01-30 | 2.4 Low |
| A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-27864 | 1 Ibm | 1 Maximo Asset Management | 2025-01-30 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327. | ||||
| CVE-2023-2383 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2025-01-30 | 2.4 Low |
| A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-29643 | 1 Perfree | 1 Perfreeblog | 2025-01-30 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. | ||||
| CVE-2023-29641 | 1 Ipandao | 1 Editor.md | 2025-01-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | ||||