Search Results (47148 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-27918 1 Tms-outsource 1 Amelia 2025-01-27 6.1 Medium
Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL.
CVE-2023-27888 1 Sitebridge 1 Joruri Gw 2025-01-27 5.4 Medium
Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product.
CVE-2023-30354 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 9.8 Critical
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access.
CVE-2023-30352 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 9.8 Critical
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed.
CVE-2023-30351 1 Tenda 2 Cp3, Cp3 Firmware 2025-01-27 7.5 High
Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials.
CVE-2023-2614 1 Pimcore 1 Pimcore 2025-01-27 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2615 1 Pimcore 1 Pimcore 2025-01-27 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2616 1 Pimcore 1 Pimcore 2025-01-27 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2023-2630 1 Pimcore 1 Pimcore 2025-01-27 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.
CVE-2024-36374 1 Jetbrains 1 Teamcity 2025-01-27 4.6 Medium
In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible
CVE-2024-36373 1 Jetbrains 1 Teamcity 2025-01-27 4.6 Medium
In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible
CVE-2024-36372 1 Jetbrains 1 Teamcity 2025-01-27 4.6 Medium
In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible
CVE-2024-28781 1 Ibm 2 Devops Deploy, Urbancode Deploy 2025-01-27 5.4 Medium
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4, and 8.0 through 8.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285654.
CVE-2022-26888 1 Intel 1 Quartus Prime 2025-01-27 2.8 Low
Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2023-32070 1 Xwiki 2 Rendering, Xwiki 2025-01-27 9.1 Critical
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version.
CVE-2023-30256 1 Webkul 1 Qloapps 2025-01-27 6.1 Medium
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.
CVE-2023-28358 1 Rocket.chat 1 Rocket.chat 2025-01-27 6.1 Medium
A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled possible leading to some issues attacks like account takeover.
CVE-2023-27237 1 Lavalite 1 Lavalite 2025-01-24 6.1 Medium
LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.
CVE-2023-31165 1 Selinc 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more 2025-01-24 4.3 Medium
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.
CVE-2023-31164 1 Selinc 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more 2025-01-24 4.3 Medium
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details.