Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36416 | 1 Microsoft | 1 Dynamics 365 | 2025-02-27 | 6.1 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-38219 | 1 Adobe | 2 Commerce, Magento | 2025-02-27 | 8.7 High |
| Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact. | ||||
| CVE-2023-5867 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | ||||
| CVE-2023-5873 | 1 Pimcore | 1 Pimcore | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. | ||||
| CVE-2023-5890 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5892 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5891 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5894 | 1 Sfu | 1 Open Journal Systems | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16. | ||||
| CVE-2023-5895 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5896 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. | ||||
| CVE-2023-5903 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5904 | 1 Sfu | 1 Pkp Web Application Library | 2025-02-27 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5917 | 1 Phpbb | 1 Phpbb | 2025-02-27 | 2.4 Low |
| A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307. | ||||
| CVE-2023-5930 | 1 Simple Student Information System Project | 1 Simple Student Information System | 2025-02-27 | 3.5 Low |
| A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-6075 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-02-27 | 3.5 Low |
| A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944. | ||||
| CVE-2025-27108 | 1 Ryansolid | 1 Dom Expressions | 2025-02-27 | 7.3 High |
| dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering. In affected versions the use of javascript's `.replace()` opens up to potential Cross-site Scripting (XSS) vulnerabilities with the special replacement patterns beginning with `$`. Particularly, when the attributes of `Meta` tag from solid-meta are user-defined, attackers can utilise the special replacement patterns, either `$'` or `$\`` to achieve XSS. The solid-meta package has this issue since it uses `useAffect` and context providers, which injects the used assets in the html header. "dom-expressions" uses `.replace()` to insert the assets, which is vulnerable to the special replacement patterns listed above. This effectively means that if the attributes of an asset tag contained user-controlled data, it would be vulnerable to XSS. For instance, there might be meta tags for the open graph protocol in a user profile page, but if attackers set the user query to some payload abusing `.replace()`, then they could execute arbitrary javascript in the victim's web browser. Moreover, it could be stored and cause more problems. This issue has been addressed in version 0.39.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-27070 | 1 Totaljs | 1 Openplatform | 2025-02-27 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. | ||||
| CVE-2023-26912 | 1 S-mall-ssm Project | 1 S-mall-ssm | 2025-02-27 | 4.8 Medium |
| Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. | ||||
| CVE-2022-48111 | 1 Siri-informatica | 1 Wi400 | 2025-02-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. | ||||
| CVE-2024-25690 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2025-02-27 | 4.7 Medium |
| There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser. | ||||