Search Results (47212 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25825 1 Zoneminder 1 Zoneminder 2025-03-10 7.7 High
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 are vulnerable to Cross-site Scripting. Log entries can be injected into the database logs, containing a malicious referrer field. This is unescaped when viewing the logs in the web ui. This issue is patched in version 1.36.33.
CVE-2023-1067 1 Pimcore 1 Pimcore 2025-03-10 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.
CVE-2023-0043 1 Add User Project 1 Add User 2025-03-10 6.1 Medium
The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-27774 1 Unitronics 1 Unilogic 2025-03-10 7.5 High
Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware
CVE-2023-0548 1 Kibokolabs 1 Namaste\! Lms 2025-03-10 4.8 Medium
The Namaste! LMS WordPress plugin before 2.5.9.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-26042 1 Part-db Project 1 Part-db 2025-03-10 6.1 Medium
Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to execute JavaScript code, unless in combination with other vulnerabilities. There are no workarounds, please upgrade to Pat-DB 1.0.2 or later.
CVE-2023-22860 1 Ibm 1 Cloud Pak For Business Automation 2025-03-10 5.4 Medium
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.
CVE-2023-22438 1 Ec-cube 1 Ec-cube 2025-03-07 5.4 Medium
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.
CVE-2023-1148 1 Flatpress 1 Flatpress 2025-03-07 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1146 1 Flatpress 1 Flatpress 2025-03-07 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1107 1 Flatpress 1 Flatpress 2025-03-07 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-1106 1 Flatpress 1 Flatpress 2025-03-07 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2023-22778 1 Arubanetworks 2 Arubaos, Sd-wan 2025-03-07 4.8 Medium
A vulnerability in the ArubaOS web management interface could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.
CVE-2022-4901 1 Sophos 1 Connect 2025-03-07 3.3 Low
Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.
CVE-2024-38317 1 Ibm 1 Aspera Shares 2025-03-07 4.8 Medium
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-56472 1 Ibm 1 Aspera Shares 2025-03-07 6.4 Medium
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-38318 1 Ibm 1 Aspera Shares 2025-03-07 4.8 Medium
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2023-38333 1 Zohocorp 1 Manageengine Applications Manager 2025-03-07 6.1 Medium
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.
CVE-2021-36399 1 Moodle 1 Moodle 2025-03-07 5.4 Medium
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.
CVE-2021-36398 1 Moodle 1 Moodle 2025-03-07 5.4 Medium
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.