Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1429 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-29623 | 1 Purchase Order Management Project | 1 Purchase Order Management | 2025-02-26 | 6.1 Medium |
| Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. | ||||
| CVE-2023-28607 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | 6.1 Medium |
| js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. | ||||
| CVE-2023-1025 | 1 Simplefilelist | 1 Simple File List | 2025-02-26 | 4.8 Medium |
| The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-35225 | 2 Jupyter, Jupyterhub | 2 Jupyter Server Proxy, Jupyter Server Proxy | 2025-02-26 | 9.7 Critical |
| Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook server and provide authenticated web access to them. Versions of 3.x prior to 3.2.4 and 4.x prior to 4.2.0 have a reflected cross-site scripting (XSS) issue. The `/proxy` endpoint accepts a `host` path segment in the format `/proxy/<host>`. When this endpoint is called with an invalid `host` value, `jupyter-server-proxy` replies with a response that includes the value of `host`, without sanitization [2]. A third-party actor can leverage this by sending a phishing link with an invalid `host` value containing custom JavaScript to a user. When the user clicks this phishing link, the browser renders the response of `GET /proxy/<host>`, which runs the custom JavaScript contained in `host` set by the actor. As any arbitrary JavaScript can be run after the user clicks on a phishing link, this issue permits extensive access to the user's JupyterLab instance for an actor. Patches are included in versions 4.2.0 and 3.2.4. As a workaround, server operators who are unable to upgrade can disable the `jupyter-server-proxy` extension. | ||||
| CVE-2024-34791 | 1 Wpbean | 1 Wpb Elementor Addons | 2025-02-26 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through 1.0.9. | ||||
| CVE-2023-27059 | 1 Churchcrm | 1 Churchcrm | 2025-02-26 | 7.8 High |
| A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. | ||||
| CVE-2023-1496 | 1 Evilmartians | 1 Imgproxy | 2025-02-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. | ||||
| CVE-2023-1515 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1517 | 1 Pimcore | 1 Pimcore | 2025-02-26 | 4.8 Medium |
| Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. | ||||
| CVE-2023-1248 | 1 Otrs | 1 Otrs | 2025-02-26 | 6.1 Medium |
| Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2023-0320 | 1 University Information Management System Project | 1 University Information Management System | 2025-02-26 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16. | ||||
| CVE-2023-28083 | 2 Hp, Hpe | 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more | 2025-02-26 | 8.3 High |
| A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. | ||||
| CVE-2023-1500 | 1 Code-projects | 1 Simple Art Gallery | 2025-02-26 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. | ||||
| CVE-2024-2348 | 2025-02-26 | 6.4 Medium | ||
| The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Meta widget in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2200 | 2025-02-26 | 6.1 Medium | ||
| The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrm_contact_subject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-0083 | 1 Nvidia | 1 Chatrtx | 2025-02-26 | 6.5 Medium |
| NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause a cross-site scripting error by network by running malicious scripts in users' browsers. A successful exploit of this vulnerability might lead to code execution, denial of service, and information disclosure. | ||||
| CVE-2023-28606 | 1 Misp-project | 1 Malware Information Sharing Platform | 2025-02-26 | 6.1 Medium |
| js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | ||||
| CVE-2023-27711 | 1 Typecho | 1 Typecho | 2025-02-26 | 4.8 Medium |
| Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. | ||||
| CVE-2023-24278 | 1 Squidex.io | 1 Squidex | 2025-02-26 | 6.1 Medium |
| Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. | ||||