Total
36879 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0764 | 1 Bestwebsoft | 1 Gallery | 2025-02-06 | N/A | 5.4 MEDIUM |
| The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. The attacker must have at least the privileges of the Author role. | |||||
| CVE-2023-0374 | 1 W4 Post List Project | 1 W4 Post List | 2025-02-06 | N/A | 5.4 MEDIUM |
| The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2022-44726 | 1 Timesheets-for-jira | 1 Timesheet Tracking | 2025-02-06 | N/A | 5.4 MEDIUM |
| The TouchDown Timesheet tracking component 4.1.4 for Jira allows XSS in the calendar view. | |||||
| CVE-2018-17883 | 1 Otrs | 1 Otrs | 2025-02-06 | N/A | 6.1 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS. | |||||
| CVE-2018-17537 | 1 Gitlab | 1 Gitlab | 2025-02-06 | N/A | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. blog-viewer has stored XSS during repository browsing, if package.json exists. . | |||||
| CVE-2023-48679 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2024-45717 | 1 Solarwinds | 1 Solarwinds Platform | 2025-02-06 | N/A | 7.0 HIGH |
| The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | |||||
| CVE-2023-48681 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 6.1 MEDIUM |
| Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48682 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-06 | N/A | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) vulnerability in unit name. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2024-54853 | 2025-02-06 | N/A | 5.4 MEDIUM | ||
| A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser. | |||||
| CVE-2023-2103 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-2102 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-29774 | 1 Iteachyou | 1 Dreamer Cms | 2025-02-06 | N/A | 5.4 MEDIUM |
| Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | |||||
| CVE-2023-27092 | 1 Jbootfly Project | 1 Jbootfly | 2025-02-06 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. | |||||
| CVE-2023-1473 | 1 Metaslider | 1 Slider\, Gallery\, And Carousel | 2025-02-06 | N/A | 6.1 MEDIUM |
| The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | |||||
| CVE-2023-1282 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2025-02-06 | N/A | 6.1 MEDIUM |
| The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | |||||
| CVE-2022-48178 | 1 X2crm | 1 X2crm | 2025-02-06 | N/A | 5.4 MEDIUM |
| X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI. | |||||
| CVE-2022-48177 | 1 X2crm | 1 X2crm | 2025-02-06 | N/A | 5.4 MEDIUM |
| X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser. | |||||
| CVE-2022-43696 | 1 Open-xchange | 1 Ox App Suite | 2025-02-06 | N/A | 6.1 MEDIUM |
| OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. | |||||
| CVE-2023-47869 | 1 Gvectors | 1 Wpforo Forum | 2025-02-06 | N/A | 4.3 MEDIUM |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5. | |||||