Filtered by CWE-79
Total 45281 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-48140 1 Dedecms 1 Dedecms 2025-03-26 5.4 Medium
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
CVE-2021-37518 1 Vimium Project 1 Vimium 2025-03-26 6.1 Medium
Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.
CVE-2021-37502 1 Automad 1 Automad 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.
CVE-2021-37378 1 Teradke 4 Cube, Cube Firmware, Cube Pro and 1 more 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Teradek Cube and Cube Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVE-2021-37373 1 Teradek 2 Slice, Slice Firmware 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVE-2022-47983 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-03-26 5.4 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161.
CVE-2025-2623 1 Westboy 1 Cicadascms 2025-03-26 3.5 Low
A vulnerability was found in westboy CicadasCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/cms/content/save. The manipulation of the argument title/content/laiyuan leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2021-36712 1 Yzmcms 1 Yzmcms 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.
CVE-2021-36545 1 Tpcms Project 1 Tpcms 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page.
CVE-2021-36538 1 Gurock 1 Testrail 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports.
CVE-2022-47131 1 Creativeitem 1 Academy Lms 2025-03-26 4.8 Medium
A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page.
CVE-2022-42909 1 Wepanow 1 Print Away 2025-03-26 6.5 Medium
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don“t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in.
CVE-2022-42908 1 Wepanow 1 Print Away 2025-03-26 6.3 Medium
WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions.
CVE-2024-4149 1 Premio 2 Chaty, Floating Chat Widget 2025-03-26 6.1 Medium
The Floating Chat Widget: Contact Chat Icons, WhatsApp, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2021-37374 1 Teradek 2 Clip, Clip Firmware 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Teradek Clip all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.
CVE-2023-0677 1 Phpipam 1 Phpipam 2025-03-26 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1.
CVE-2023-0144 1 Mage-people 1 Event Manager And Tickets Selling For Woocommerce 2025-03-26 5.4 Medium
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-4824 1 Essentialplugin 1 Wp Blog And Widget 2025-03-26 5.4 Medium
The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-4577 1 Goldplugins 1 Easy Testimonials 2025-03-26 5.4 Medium
The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
CVE-2022-48311 1 Hp 2 Deskjet 2540 A9u23b, Deskjet 2540 A9u23b Firmware 2025-03-26 9 Critical
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer Firmware Version CEP1FN1418BR and Product Model Number A9U23B allows authenticated attacker to inject their own script into the page via HTTP configuration page. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.