Filtered by CWE-79
Total 45272 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-40348 1 Intern Record System Project 1 Intern Record System 2025-03-17 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.
CVE-2024-2630 2 Fedoraproject, Google 2 Fedora, Chrome 2025-03-17 6.5 Medium
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-1153 1 Kreaturamedia 1 Layerslider 2025-03-17 4.8 Medium
The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
CVE-2024-38454 1 Expressionengine 1 Expressionengine 2025-03-17 6.1 Medium
ExpressionEngine before 7.4.11 allows XSS.
CVE-2024-25226 1 Code-projects 1 Simple Admin Panel 2025-03-14 6.1 Medium
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
CVE-2023-7233 1 Tri 1 Gigpress 2025-03-14 4.8 Medium
The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2023-24081 1 Go-redrock 1 Tutortrac 2025-03-14 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page.
CVE-2024-40602 1 Mediawiki 1 Mediawiki 2025-03-14 6.1 Medium
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2024-25090 1 Apache 1 Roller 2025-03-14 5.4 Medium
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.3. This issue affects Apache Roller: from 5.0.0 before 6.1.3. Users are recommended to upgrade to version 6.1.3, which fixes the issue.
CVE-2024-21178 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-03-14 6.1 Medium
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
CVE-2024-6517 2 Contact Form 7 Captcha Project, Dotsquares 2 Contact Form 7 Math Captcha, Contact Form 7 Math Captcha 2025-03-14 6.1 Medium
The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users.
CVE-2024-44930 2 Serilog, Serilog-contrib 2 Serilog, Serilog-enrichers-clientinfo 2025-03-14 6.5 Medium
Serilog before v2.1.0 was discovered to contain a Client IP Spoofing vulnerability, which allows attackers to falsify their IP addresses by specifying an arbitrary IP as a value of X-Forwarded-For or Client-Ip headers while performing HTTP requests.
CVE-2024-44682 1 Shopxo 1 Shopxo 2025-03-14 6.1 Medium
ShopXO 6.2 is vulnerable to Cross Site Scripting (XSS) in the backend that allows attackers to execute code by changing POST parameters.
CVE-2024-41591 1 Draytek 48 Vigor1000b, Vigor1000b Firmware, Vigor165 and 45 more 2025-03-14 6.1 Medium
DrayTek Vigor3910 devices through 4.3.2.6 allow unauthenticated DOM-based reflected XSS.
CVE-2024-37671 1 Tessi 1 Docubase 2025-03-14 5.4 Medium
Cross Site Scripting vulnerability in Tessi Docubase Document Management product 5.x allows a remote attacker to execute arbitrary code via the page parameter.
CVE-2024-33209 1 Flatpress 1 Flatpress 2025-03-14 5.4 Medium
FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.
CVE-2024-40737 2 Minhquan202, Netbox 2 Vuln-netbox, Netbox 2025-03-14 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.
CVE-2024-40510 1 Openpetra 1 Openpetra 2025-03-14 8.2 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMCommon.asmx function.
CVE-2024-40605 1 Mediawiki 1 Mediawiki 2025-03-14 4.8 Medium
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.
CVE-2022-4784 1 Presscustomizr 1 Hueman Addons 2025-03-14 5.4 Medium
The Hueman Addons WordPress plugin through 2.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks