Total
45280 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0732 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-03-25 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. | ||||
| CVE-2023-0747 | 1 Btcpayserver | 1 Btcpayserver | 2025-03-25 | 5.5 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||
| CVE-2023-23475 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-03-25 | 4.6 Medium |
| IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. | ||||
| CVE-2025-20208 | 1 Cisco | 1 Telepresence Management Suite | 2025-03-25 | 4.6 Medium |
| A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow a low-privileged, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data in a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2023-0624 | 1 Orangescrum | 1 Orangescrum | 2025-03-24 | 6.1 Medium |
| OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | ||||
| CVE-2022-34362 | 3 Ibm, Linux, Microsoft | 5 Aix, Linux On Ibm Z, Sterling Secure Proxy and 2 more | 2025-03-24 | 4.6 Medium |
| IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. | ||||
| CVE-2023-24690 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | 5.4 Medium |
| ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | ||||
| CVE-2023-24687 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | 5.4 Medium |
| Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | ||||
| CVE-2023-24686 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | 4.8 Medium |
| An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | ||||
| CVE-2023-24322 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | ||||
| CVE-2022-33934 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-24 | 7.7 High |
| Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | ||||
| CVE-2024-7976 | 1 Google | 1 Chrome | 2025-03-24 | 4.3 Medium |
| Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-24234 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | ||||
| CVE-2023-24233 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | ||||
| CVE-2023-24232 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | ||||
| CVE-2023-24231 | 1 Inventory Management System Project | 1 Inventory Management System | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | ||||
| CVE-2023-24230 | 1 Formwork Project | 1 Formwork | 2025-03-24 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | ||||
| CVE-2022-45285 | 1 Vsourz | 1 Advanced Cf7 Db | 2025-03-24 | 6.1 Medium |
| Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-44261 | 1 Averydennison | 2 Monarch Printer M9855, Monarch Printer M9855 Firmware | 2025-03-24 | 6.1 Medium |
| Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-34451 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-24 | 4.8 Medium |
| PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server. | ||||