Search Results (47249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39813 1 Italtel 1 Netmatch-s Ci 2025-03-28 6.1 Medium
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it.
CVE-2024-57686 1 Phpgurukul 1 Land Record System 2025-03-28 9.8 Critical
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter.
CVE-2024-34089 2 Archer, Archerirm 2 Platform, Archer 2025-03-28 7.3 High
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 P3 (6.14.0.3) is also a fixed release.
CVE-2024-28401 1 Totolink 2 X2000r, X2000r Firmware 2025-03-28 5.4 Medium
TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Store Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.
CVE-2024-27668 1 Flusity 1 Flusity 2025-03-28 6.1 Medium
Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'
CVE-2024-26284 1 Mozilla 1 Firefox Focus 2025-03-28 6.1 Medium
Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.
CVE-2024-25436 1 Sfu 1 Open Journal Systems 2025-03-28 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.
CVE-2023-33528 1 Halo 1 Halo 2025-03-28 6.1 Medium
halo v1.6.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2022-44029 1 Netscout 1 Ngeniusone 2025-03-28 6.1 Medium
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.
CVE-2022-44025 1 Netscout 1 Ngeniusone 2025-03-28 6.1 Medium
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.
CVE-2025-23057 1 Arubanetworks 1 Fabric Composer 2025-03-28 5.5 Medium
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23056 1 Arubanetworks 1 Fabric Composer 2025-03-28 5.5 Medium
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-23055 1 Arubanetworks 1 Fabric Composer 2025-03-28 5.5 Medium
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the context of the compromised interface.
CVE-2025-1159 1 Campcodes 1 School Management Software 2025-03-28 3.5 Low
A vulnerability was found in CampCodes School Management Software 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academic-calendar. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-46429 1 Tenda 2 W18e, W18e Firmware 2025-03-28 8.8 High
A hardcoded credentials vulnerability in Tenda W18E V16.01.0.8(1625) allows unauthenticated remote attackers to access the web management portal using a default guest account with administrative privileges.
CVE-2022-44028 1 Netscout 1 Ngeniusone 2025-03-28 6.1 Medium
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.
CVE-2022-44027 1 Netscout 1 Ngeniusone 2025-03-28 6.1 Medium
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.
CVE-2022-44026 1 Netscout 1 Ngeniusone 2025-03-28 7.1 High
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.
CVE-2024-12772 1 Wpmanageninja 1 Ninja Tables 2025-03-28 6.1 Medium
The Ninja Tables WordPress plugin before 5.0.17 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, leading to a Cross Site Scripting vulnerability.
CVE-2024-57175 1 Phpgurukul 1 Online Birth Certificate System 2025-03-28 5.4 Medium
A Stored Cross-Site Scripting (XSS) vulnerability was identified in the PHPGURUKUL Online Birth Certificate System v1.0 via the profile name to /user/certificate-form.php.