Filtered by CWE-79
Total 45292 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-10565 1 10web 1 Slider 2025-04-02 6.1 Medium
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2024-10105 1 Blueglass 1 Jobs For Wordpress 2025-04-02 5.9 Medium
The Job Postings WordPress plugin before 2.7.11 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2023-24027 1 Misp 1 Misp 2025-04-02 6.1 Medium
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.
CVE-2023-24026 1 Misp-project 1 Misp 2025-04-02 6.1 Medium
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.
CVE-2022-41441 1 Reqlogic 1 Reqlogic 2025-04-02 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.
CVE-2021-43446 1 Onlyoffice 1 Server 2025-04-02 6.1 Medium
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.
CVE-2023-23951 1 Broadcom 2 Symantec Identity Governance And Administration, Symantec Identity Manager 2025-04-02 6.1 Medium
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application
CVE-2023-23950 1 Broadcom 2 Symantec Identity Governance And Administration, Symantec Identity Manager 2025-04-02 6.1 Medium
User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
CVE-2023-23949 1 Broadcom 2 Symantec Identity Governance And Administration, Symantec Identity Manager 2025-04-02 8.1 High
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
CVE-2022-4627 1 Sevenspark 1 Shiftnav 2025-04-02 5.4 Medium
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-3572 1 Gitlab 1 Gitlab 2025-04-02 9.3 Critical
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.
CVE-2023-0448 1 Matbao 1 Wp Helper Premium 2025-04-02 6.1 Medium
The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.
CVE-2019-11291 3 Broadcom, Redhat, Vmware 3 Rabbitmq Server, Openstack, Rabbitmq 2025-04-02 4.8 Medium
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
CVE-2025-0718 1 Kylephillips 1 Nested Pages 2025-04-02 4.8 Medium
The Nested Pages WordPress plugin before 3.2.13 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-2645 1 Phpgurukul 1 Art Gallery Management System 2025-04-02 3.5 Low
A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /product.php. The manipulation of the argument artname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-1619 1 Mooveagency 1 Gdpr Cookie Compliance 2025-04-02 4.8 Medium
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1620 1 Mooveagency 1 Gdpr Cookie Compliance 2025-04-02 4.8 Medium
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1621 1 Mooveagency 1 Gdpr Cookie Compliance 2025-04-02 4.8 Medium
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1622 1 Mooveagency 1 Gdpr Cookie Compliance 2025-04-02 3.5 Low
The GDPR Cookie Compliance WordPress plugin before 4.15.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2025-1623 1 Mooveagency 1 Gdpr Cookie Compliance 2025-04-02 3.5 Low
The GDPR Cookie Compliance WordPress plugin before 4.15.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).