Total: 36875 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2024-3988 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-02-07 | N/A | 6.4 MEDIUM | The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2023-50231 | 1 Netgear | 1 Prosafe Network Management System | 2025-02-07 | N/A | 9.6 CRITICAL | NETGEAR ProSAFE Network Management System saveNodeLabel Cross-Site Scripting Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. Minimal user interaction is required to exploit this vulnerability. The specific flaw exists within the saveNodeLabel method. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-21838.
CVE-2025-1085 | | | 2025-02-07 | 5.0 MEDIUM | 4.3 MEDIUM | A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-1082 | | | 2025-02-06 | 4.0 MEDIUM | 3.5 LOW | A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-57428 | | | 2025-02-06 | N/A | 9.3 CRITICAL | A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists due to unsanitized input in file upload fields (event_img, seat_maps) and seat number configurations (number[new_X] in pjActionCreate). Attackers can inject persistent JavaScript, leading to phishing, malware injection, and session hijacking.
CVE-2024-57041 | | | 2025-02-06 | N/A | 4.6 MEDIUM | A persistent cross-site scripting (XSS) vulnerability in NodeBB v3.11.0 allows remote attackers to store arbitrary code in the 'about me' section of their profile.
CVE-2024-57599 | | | 2025-02-06 | N/A | 4.8 MEDIUM | Cross-site scripting vulnerability in DouPHP v.1.8 Release 20231203 allows attackers to execute arbitrary code via a crafted payload injected into the description parameter in /admin/article.php.
CVE-2023-29847 | 1 Aerocms Project | 1 Aerocms | 2025-02-06 | N/A | 5.4 MEDIUM | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-26123 | 1 Raylib | 1 Raylib | 2025-02-06 | N/A | 6.1 MEDIUM | Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) because the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via the emscripten_run_script function. **Note:** This vulnerability is present only when compiling raylib for PLATFORM_WEB. All the other Desktop/Mobile/Embedded platforms are not affected.
CVE-2022-43697 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 6.1 MEDIUM | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob.
CVE-2022-40490 | | | 2025-02-06 | N/A | 4.8 MEDIUM | Tiny File Manager v2.4.7 and below was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.
CVE-2018-17536 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import.
CVE-2018-17454 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.4 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen.
CVE-2023-47626 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 8.8 HIGH | iTop is an IT service management platform. When displaying/editing the user's personal tokens, XSS attacks are possible. This vulnerability is fixed in 3.1.1.
CVE-2023-47622 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 8.8 HIGH | iTop is an IT service management platform. When dashlets are refreshed, XSS attacks are possible. This vulnerability is fixed in 3.0.4 and 3.1.1.
CVE-2023-47123 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 8.7 HIGH | iTop is an IT service management platform. By filling malicious code into an object's friendlyname / complementary name, an XSS attack can be performed when this object is displayed as an n:n relation item in another object. This vulnerability is fixed in 3.1.1 and 3.2.0.
CVE-2023-44396 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 6.8 MEDIUM | iTop is an IT service management platform. Dashlet edit ajax endpoints can be used to produce XSS. Fixed in iTop 2.7.10, 3.0.4, and 3.1.1.
CVE-2023-43790 | 1 Combodo | 1 Itop | 2025-02-06 | N/A | 5.7 MEDIUM | iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content into the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0.
CVE-2024-52892 | | | 2025-02-06 | N/A | 6.1 MEDIUM | IBM Jazz for Service Management 1.1.3 through 1.1.3.23 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE-2022-28353 | 1 External Redirect Warning Project | 1 External Redirect Warning | 2025-02-06 | N/A | 6.1 MEDIUM | In the External Redirect Warning Plugin 1.3 for MyBB, the redirect URL (aka external.php?url=) is vulnerable to XSS.