Vulnerabilities (CVE)

Filtered by CWE-79
Total 36879 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-0764 1 Bestwebsoft 1 Gallery 2025-02-06 N/A 5.4 MEDIUM
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scripting vulnerability. The attacker must have at least the privileges of the Author role.
CVE-2023-0374 1 W4 Post List Project 1 W4 Post List 2025-02-06 N/A 5.4 MEDIUM
The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-44726 1 Timesheets-for-jira 1 Timesheet Tracking 2025-02-06 N/A 5.4 MEDIUM
The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view.
CVE-2018-17883 1 Otrs 1 Otrs 2025-02-06 N/A 6.1 MEDIUM
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS.
CVE-2018-17537 1 Gitlab 1 Gitlab 2025-02-06 N/A 5.4 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists.
CVE-2023-48679 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-06 N/A 5.4 MEDIUM
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
CVE-2024-45717 1 Solarwinds 1 Solarwinds Platform 2025-02-06 N/A 7.0 HIGH
The SolarWinds Platform was susceptible to an XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
CVE-2023-48681 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-06 N/A 6.1 MEDIUM
Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
CVE-2023-48682 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-06 N/A 5.4 MEDIUM
Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.
CVE-2024-54853 2025-02-06 N/A 5.4 MEDIUM
A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser.
CVE-2023-2103 1 Easyappointments 1 Easyappointments 2025-02-06 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2102 1 Easyappointments 1 Easyappointments 2025-02-06 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-29774 1 Iteachyou 1 Dreamer Cms 2025-02-06 N/A 5.4 MEDIUM
Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS).
CVE-2023-27092 1 Jbootfly Project 1 Jbootfly 2025-02-06 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter.
CVE-2023-1473 1 Metaslider 1 Slider, Gallery, And Carousel 2025-02-06 N/A 6.1 MEDIUM
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-1282 1 Codedropz 1 Drag And Drop Multiple File Upload - Contact Form 7 2025-02-06 N/A 6.1 MEDIUM
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.
CVE-2022-48178 1 X2crm 1 X2crm 2025-02-06 N/A 5.4 MEDIUM
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI.
CVE-2022-48177 1 X2crm 1 X2crm 2025-02-06 N/A 5.4 MEDIUM
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser.
CVE-2022-43696 1 Open-xchange 1 Ox App Suite 2025-02-06 N/A 6.1 MEDIUM
OX App Suite before 7.10.6-rev20 allows XSS via upsell ads.
CVE-2023-47869 1 Gvectors 1 Wpforo Forum 2025-02-06 N/A 4.3 MEDIUM
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5.