Export limit exceeded: 366145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47379 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-43152 1 3dflipbook 1 3d Flipbook 2025-01-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
CVE-2023-24957 1 Ibm 1 Business Automation Workflow 2025-01-29 5.4 Medium
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
CVE-2022-43866 1 Ibm 1 Maximo Asset Management 2025-01-29 5.4 Medium
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
CVE-2023-31183 1 Cybonet 1 Pineapp Mail Secure 2025-01-29 6.1 Medium
Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.
CVE-2023-2560 1 Newbinggogo Project 1 Newbinggogo 2025-01-29 3.5 Low
A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167.
CVE-2023-30057 1 Fico 1 Origination Manager Decision 2025-01-29 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-1031 1 Monicahq 1 Monica 2025-01-29 8.8 High
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter.
CVE-2021-31711 1 Responsivefilemanager 1 Responsivefilemanager 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file.
CVE-2020-18280 1 Md Project 1 Md 2025-01-29 6.1 Medium
Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function.
CVE-2024-25602 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 9 Critical
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field
CVE-2024-25601 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 9 Critical
Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.
CVE-2024-25152 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 9 Critical
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.
CVE-2023-37940 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 4.8 Medium
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
CVE-2023-40191 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 9 Critical
Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field
CVE-2023-47795 1 Liferay 2 Digital Experience Platform, Liferay Portal 2025-01-28 9 Critical
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
CVE-2023-29791 1 Kodcloud 1 Kodbox 2025-01-28 6.1 Medium
kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information.
CVE-2023-2591 1 Teampass 1 Teampass 2025-01-28 5.4 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
CVE-2023-30742 1 Sap 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui 2025-01-28 6.1 Medium
SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.
CVE-2023-31804 1 Chamilo 1 Chamilo Lms 2025-01-28 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters.
CVE-2023-30743 1 Sap 1 Sapui5 2025-01-28 7.1 High
Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.