Filtered by CWE-79
Total 45272 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0419 1 Smg-webdesign 1 Shortcode For Font Awesome 2025-03-12 5.4 Medium
The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0285 1 Devowl 1 Real Media Library 2025-03-12 5.4 Medium
The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.
CVE-2022-4777 1 Bootstrap Shortcodes Project 1 Bootstrap Shortcodes 2025-03-12 5.4 Medium
The Bootstrap Shortcodes WordPress plugin through 3.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-4754 1 Easy Social Box Project 1 Easy Social Box 2025-03-12 5.4 Medium
The Easy Social Box / Page Plugin WordPress plugin through 4.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-48345 1 Paypal 1 Braintree\/sanitize-url 2025-03-12 6.1 Medium
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVE-2021-33387 1 1234n 1 Minicms 2025-03-12 9.6 Critical
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code via a crafted get request.
CVE-2021-4325 1 Nhncloud 1 Toast Ui Chart 2025-03-12 3.5 Low
A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The identifier of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.
CVE-2023-0067 1 Timed Content Project 1 Timed Content 2025-03-12 5.4 Medium
The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0995 1 Business Management System Project 1 Business Management System 2025-03-12 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.
CVE-2023-25928 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-03-12 4.6 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247646.
CVE-2022-29273 1 Netgate 1 Pfsense 2025-03-12 6.1 Medium
pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.
CVE-2022-41567 1 Tibco 1 Businessconnect 2025-03-12 7.3 High
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
CVE-2023-0949 1 Modoboa 1 Modoboa 2025-03-12 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
CVE-2023-22972 1 Open-emr 1 Openemr 2025-03-12 5.4 Medium
A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the REQUEST_URI.
CVE-2022-46785 1 Squaredup 1 Dashboard Server 2025-03-12 6.1 Medium
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 1 of 2).
CVE-2022-46786 1 Squaredup 1 Dashboard Server 2025-03-12 5.4 Medium
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).
CVE-2023-38121 1 Inductiveautomation 1 Ignition 2025-03-12 9.0 Critical
Inductive Automation Ignition OPC UA Quick Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the id parameter provided to the Inductive Automation Ignition web interface. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-20355.
CVE-2023-0044 2 Quarkus, Redhat 3 Quarkus, Build Of Quarkus, Quarkus 2025-03-12 6.1 Medium
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
CVE-2024-2270 1 Keerti1924 1 Online Bookstore Website 2025-03-12 4.3 Medium
A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256040. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2274 1 Bdtask 1 G-prescription Gynaecology \& Obs Consultation 2025-03-12 2.4 Low
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.