Search Results (47312 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-33785 1 Netbox 1 Netbox 2024-11-27 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33795 1 Netbox 1 Netbox 2024-11-27 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33661 1 Churchcrm 1 Churchcrm 2024-11-27 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.
CVE-2023-34647 1 Phpgurukul 1 Hostel Management System 2024-11-27 6.1 Medium
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-34650 1 Small Crm Project 1 Small Crm 2024-11-27 6.1 Medium
PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-34651 1 Hospital Management System Project 1 Hospital Management System 2024-11-27 6.1 Medium
PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-34652 1 Phpgurukul 1 Hostel Management System 2024-11-27 6.1 Medium
PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.
CVE-2022-27665 1 Progress 1 Ws Ftp Server 2024-11-27 6.1 Medium
Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.
CVE-2023-34831 1 Odysseycs 1 Ithacalabs Turnitin Lti 2024-11-27 5.4 Medium
The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form ("id" and "title" HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks.
CVE-2023-36484 1 Ilias 1 Ilias 2024-11-26 6.1 Medium
ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS).
CVE-2023-33335 1 Sophos 1 Iview 2024-11-26 6.1 Medium
Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.
CVE-2023-42325 1 Netgate 1 Pfsense 2024-11-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page.
CVE-2024-48415 2 Itsourcecode, Razormist 2 Loan Management System, Loan Management System 2024-11-26 4.6 Medium
itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.
CVE-2022-37139 1 Razormist 1 Loan Management System 2024-11-26 5.4 Medium
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
CVE-2023-37256 1 Mediawiki 1 Mediawiki 2024-11-26 6.1 Medium
An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs.
CVE-2023-33276 1 Gira 2 Knx Ip Router, Knx Ip Router Firmware 2024-11-26 6.1 Medium
The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS).
CVE-2023-37251 1 Mediawiki 1 Mediawiki 2024-11-26 6.1 Medium
An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs.
CVE-2023-37255 1 Mediawiki 1 Mediawiki 2024-11-26 6.1 Medium
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the "get edits" type is vulnerable to HTML injection through the User-Agent HTTP request header.
CVE-2023-49215 1 Usedesk 1 Usedesk 2024-11-26 6.1 Medium
Usedesk before 1.7.57 allows filter reflected XSS.
CVE-2023-48880 1 Eyoucms 1 Eyoucms 2024-11-26 4.8 Medium
A stored cross-site scripting (XSS) vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu Name field at /login.php?m=admin&c=Index&a=changeTableVal&_ajax=1&lang=cn.