Export limit exceeded: 366145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47379 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43152 | 1 3dflipbook | 1 3d Flipbook | 2025-01-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6. | ||||
| CVE-2023-24957 | 1 Ibm | 1 Business Automation Workflow | 2025-01-29 | 5.4 Medium |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. | ||||
| CVE-2022-43866 | 1 Ibm | 1 Maximo Asset Management | 2025-01-29 | 5.4 Medium |
| IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | ||||
| CVE-2023-31183 | 1 Cybonet | 1 Pineapp Mail Secure | 2025-01-29 | 6.1 Medium |
| Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. | ||||
| CVE-2023-2560 | 1 Newbinggogo Project | 1 Newbinggogo | 2025-01-29 | 3.5 Low |
| A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | ||||
| CVE-2023-30057 | 1 Fico | 1 Origination Manager Decision | 2025-01-29 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2023-1031 | 1 Monicahq | 1 Monica | 2025-01-29 | 8.8 High |
| MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | ||||
| CVE-2021-31711 | 1 Responsivefilemanager | 1 Responsivefilemanager | 2025-01-29 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. | ||||
| CVE-2020-18280 | 1 Md Project | 1 Md | 2025-01-29 | 6.1 Medium |
| Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. | ||||
| CVE-2024-25602 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field | ||||
| CVE-2024-25601 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field. | ||||
| CVE-2024-25152 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment. | ||||
| CVE-2023-37940 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field. | ||||
| CVE-2023-40191 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field | ||||
| CVE-2023-47795 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-01-28 | 9 Critical |
| Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field. | ||||
| CVE-2023-29791 | 1 Kodcloud | 1 Kodbox | 2025-01-28 | 6.1 Medium |
| kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | ||||
| CVE-2023-2591 | 1 Teampass | 1 Teampass | 2025-01-28 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | ||||
| CVE-2023-30742 | 1 Sap | 2 Customer Relationship Management S4fnd, Customer Relationship Management Webclient Ui | 2025-01-28 | 6.1 Medium |
| SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker. | ||||
| CVE-2023-31804 | 1 Chamilo | 1 Chamilo Lms | 2025-01-28 | 5.4 Medium |
| Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | ||||
| CVE-2023-30743 | 1 Sap | 1 Sapui5 | 2025-01-28 | 7.1 High |
| Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack. | ||||