Total
28754 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18343 | 1 Sensiolabs | 1 Symfony | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x before v2.8.26, 3.x before v3.2.13, and 3.3.x before v3.3.6 has XSS via an array key during exception pretty printing in ExceptionHandler.php, as demonstrated by a /_debugbar/open?op=get URI. NOTE: the vendor's position is that this is not a vulnerability because the debug tools are not intended for production use. NOTE: the Symfony Debug component is used by Laravel Debugbar. | |||||
| CVE-2024-27140 | 2024-08-05 | N/A | N/A | ||
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2017-14522 | 1 Wondercms | 1 Wondercms | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website. | |||||
| CVE-2024-25167 | 2024-08-05 | N/A | 6.1 MEDIUM | ||
| Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post. | |||||
| CVE-2023-49986 | 2024-08-05 | N/A | 4.7 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2022-46091 | 2024-08-05 | N/A | 4.7 MEDIUM | ||
| Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | |||||
| CVE-2024-27626 | 2024-08-05 | N/A | 6.1 MEDIUM | ||
| A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel. | |||||
| CVE-2023-49984 | 2024-08-05 | N/A | 6.1 MEDIUM | ||
| A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | |||||
| CVE-2023-40288 | 2024-08-05 | N/A | 8.3 HIGH | ||
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2023-40287 | 2024-08-05 | N/A | 8.3 HIGH | ||
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2023-40284 | 2024-08-05 | N/A | 8.3 HIGH | ||
| An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue. | |||||
| CVE-2023-48903 | 2024-08-05 | N/A | 6.1 MEDIUM | ||
| Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php. | |||||
| CVE-2018-1000874 | 1 Cebe | 1 Markdown | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a three backtick wrapped payload with a character in front: L: "```<script>alert();</script>```". NOTE: This has been argued as a non-issue (see references) since it is not the parser's job to sanitize malicious code from a parsed document. | |||||
| CVE-2024-7356 | 2024-08-05 | N/A | 6.4 MEDIUM | ||
| The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘filename’ parameter in all versions up to, and including, 3.3.100 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2018-18405 | 1 Jquery | 1 Jquery | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry. | |||||
| CVE-2018-18307 | 1 Alchemy-cms | 1 Alchemy Cms | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized." | |||||
| CVE-2018-18290 | 1 Nconsulting | 1 Nc-cms | 2024-08-05 | 3.5 LOW | 4.8 MEDIUM |
| ** DISPUTED ** An issue was discovered in nc-cms through 2017-03-10. index.php?action=edit_html&name=home_content allows XSS via the HTML Source Editor. NOTE: the vendor disputes this because the form requires administrator privileges, and entering JavaScript is supported functionality. | |||||
| CVE-2018-18260 | 1 Tuzitio | 1 Camaleon Cms | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** In the 2.4 version of Camaleon CMS, Stored XSS has been discovered. The profile image in the User settings section can be run in the update / upload area via /admin/media/upload?actions=false. NOTE: the vendor reports that they are "unable to reproduce the reported issue on any version." | |||||
| CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2024-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||