| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions. |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Pexle Chris Library Viewer plugin <= 2.0.6 versions. |
|
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description
|
|
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation
|
|
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation
|
| A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page. |
| Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. |
| Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. |
| Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. |
| Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. |
| Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. |
| Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. |
| A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. |
| Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration). |
| Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. |
| Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. |
| Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. |
