Search Results (47186 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-2086 1 Starsea99 1 Starsea-mall 2025-03-13 3.5 Low
A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2087 1 Starsea99 1 Starsea-mall 2025-03-13 3.5 Low
A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2085 1 Starsea99 1 Starsea-mall 2025-03-13 3.5 Low
A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-44717 1 Dedebiz 1 Dedebiz 2025-03-13 6.1 Medium
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-42904 1 Syspass 1 Syspass 2025-03-13 6.1 Medium
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
CVE-2024-36450 1 Webmin 1 Webmin 2025-03-13 5.4 Medium
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
CVE-2024-5802 1 Mythemeshop 1 Url Shortener 2025-03-13 6.1 Medium
The URL Shortener by Myhop WordPress plugin through 1.0.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-48937 1 Znuny 1 Znuny 2025-03-13 6.1 Medium
Znuny before LTS 6.5.1 through 6.5.10 and 7.0.1 through 7.0.16 allows XSS. JavaScript code in the short description of the SLA field in Activity Dialogues is executed.
CVE-2024-44716 1 Dedebiz 1 Dedebiz 2025-03-13 6.1 Medium
A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-3986 1 Themeboy 1 Sportspress 2025-03-13 4.8 Medium
The SportsPress WordPress plugin before 2.7.22 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-39126 1 Roundup-tracker 1 Roundup 2025-03-13 5.4 Medium
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
CVE-2024-37878 1 Twcms 1 Twcms 2025-03-13 6.1 Medium
Cross Site Scripting vulnerability in TWCMS v.2.0.3 allows a remote attacker to execute arbitrary code via the /TWCMS-gh-pages/twcms/runtime/twcms_view/default,index.htm.php" PHP directly echoes parameters input from external sources
CVE-2024-24507 1 Act-on 1 Act-on 2025-03-13 4.6 Medium
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component.
CVE-2024-39203 1 Zblogcn 1 Z-blogphp 2025-03-13 6.1 Medium
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1.7.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-0428 1 Kibokolabs 1 Watu Quiz 2025-03-12 7.5 High
The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-22868 3 Ibm, Linux, Microsoft 3 Aspera Faspex, Linux Kernel, Windows 2025-03-12 5.4 Medium
IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244117.
CVE-2022-43579 3 Ibm, Linux, Microsoft 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more 2025-03-12 4.6 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.
CVE-2022-4007 1 Gitlab 1 Gitlab 2025-03-12 5.4 Medium
A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.
CVE-2023-0934 1 Answer 1 Answer 2025-03-12 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5.
CVE-2024-56357 1 Getgrist 1 Grist-core 2025-03-12 8.1 High
grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1. Users are advised to upgrade. Users unable to upgrade should avoid visiting documents or forms prepared by people they do not trust.