Filtered by CWE-79
Total 45279 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0786 1 Phpmyfaq 1 Phpmyfaq 2025-03-24 8.4 High
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2023-0787 1 Phpmyfaq 1 Phpmyfaq 2025-03-24 8.1 High
Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
CVE-2024-55009 1 Datax 1 Autobib 2025-03-24 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a victim's browser via injecting a crafted payload into the WCE=topFrame&WCU= parameter.
CVE-2024-1589 1 Pressified 1 Sendpress 2025-03-24 6.1 Medium
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-43113 1 Mozilla 1 Firefox 2025-03-24 6.1 Medium
The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.
CVE-2023-23286 1 Farsight 1 Provide Server 2025-03-24 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form.
CVE-2024-4270 1 Andibauer 1 Svgmagic 2025-03-24 5.4 Medium
The SVGMagic WordPress plugin through 1.1 does not sanitize SVG file contents, which enables users with at least the author role to SVG with malicious JavaScript to conduct Stored XSS attacks.
CVE-2021-24177 1 Filemanagerpro 1 File Manager 2025-03-24 5.4 Medium
In the default configuration of the File Manager WordPress plugin before 7.1, a Reflected XSS can occur on the endpoint /wp-admin/admin.php?page=wp_file_manager_properties when a payload is submitted on the User-Agent parameter. The payload is then reflected back on the web application response.
CVE-2024-13918 1 Laravel 1 Framework 2025-03-24 8 High
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
CVE-2024-13919 1 Laravel 1 Framework 2025-03-24 8 High
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
CVE-2025-2150 1 Hgiga 1 C\&cm\@il 2025-03-24 5.4 Medium
The C&Cm@il from HGiga has a Stored Cross-Site Scripting (XSS) vulnerability, allowing remote attackers with regular privileges to send emails containing malicious JavaScript code, which will be executed in the recipient's browser when they view the email.
CVE-2022-48110 1 Ckeditor 1 Ckeditor 2025-03-24 6.1 Medium
CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator (who is adding CKEditor 5 functionality to a website) to choose the correct security settings for their use case. Also, safe default values are established (e.g., config.htmlEmbed.showPreviews is false).
CVE-2024-30160 1 Mitel 1 Micollab 2025-03-22 4.8 Medium
A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2024-30159 1 Mitel 1 Micollab 2025-03-22 4.8 Medium
A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary scripts.
CVE-2024-41709 1 Backdropcms 1 Backdrop 2025-03-21 6.1 Medium
Backdrop CMS before 1.27.3 and 1.28.x before 1.28.2 does not sufficiently sanitize field labels before they are displayed in certain places. This vulnerability is mitigated by the fact that an attacker must have a role with the "administer fields" permission.
CVE-2023-27294 1 Opencats 1 Opencats 2025-03-21 5.4 Medium
Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.
CVE-2023-27293 1 Opencats 1 Opencats 2025-03-21 6.1 Medium
Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge.
CVE-2024-39662 1 Modernaweb 1 Black Widgets For Elementor 2025-03-21 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.5.
CVE-2022-2168 1 W3eden 1 Download Manager 2025-03-21 6.1 Medium
The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting
CVE-2023-24086 1 Slims Project 1 Slims 2025-03-21 6.1 Medium
SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView.