Total
37653 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-6491 | 1 Epesi | 1 Epesi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltip_id, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5197 | 1 Silverstripe | 1 Silverstripe | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element. | |||||
| CVE-2016-4866 | 1 Cybozu | 1 Office | 2025-04-20 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Project function. | |||||
| CVE-2016-4883 | 1 Basercms | 1 Basercms | 2025-04-20 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2017-7251 | 1 Piengine | 1 Pi | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-5938 | 4 Debian, Opensuse, Opensuse Project and 1 more | 4 Debian Linux, Leap, Leap and 1 more | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. | |||||
| CVE-2017-7204 | 1 Imdbphp Project | 1 Imdbphp | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. | |||||
| CVE-2017-1217 | 1 Ibm | 1 Websphere Portal | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857 | |||||
| CVE-2017-6755 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1. | |||||
| CVE-2017-6733 | 1 Cisco | 1 Identity Services Engine | 2025-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvd87482. Known Affected Releases: 2.1(102.101) 2.2(0.283) 2.3(0.151). | |||||
| CVE-2024-31828 | 1 Lavalite | 1 Lavalite | 2025-04-18 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL. | |||||
| CVE-2024-31741 | 1 1234n | 1 Minicms | 2025-04-18 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login. | |||||
| CVE-2024-2603 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-18 | N/A | 6.3 MEDIUM |
| The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-31609 | 1 Bosscms | 1 Bosscms | 2025-04-18 | N/A | 7.1 HIGH |
| Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration. | |||||
| CVE-2024-55342 | 1 Dotnetfoundation | 1 Piranha Cms | 2025-04-18 | N/A | 4.7 MEDIUM |
| A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability. | |||||
| CVE-2020-22540 | 1 Codologic | 1 Codoforum | 2025-04-18 | N/A | 5.4 MEDIUM |
| Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component. | |||||
| CVE-2024-32505 | 1 Wpmet | 1 Elements Kit Elementor Addons | 2025-04-18 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpmet Elements kit Elementor addons allows Stored XSS.This issue affects Elements kit Elementor addons: from n/a through 3.0.6. | |||||
| CVE-2024-4061 | 1 Ays-pro | 1 Survey Maker | 2025-04-18 | N/A | 4.8 MEDIUM |
| The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | |||||
| CVE-2024-51055 | 1 Hoosk | 1 Hoosk | 2025-04-18 | N/A | 6.5 MEDIUM |
| An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. | |||||
| CVE-2023-46950 | 1 Contribsys | 1 Sidekiq | 2025-04-18 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions. | |||||