Filtered by CWE-79
Total 45270 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-3762 1 Emlog 1 Emlog 2025-03-05 2.4 Low
A vulnerability was found in Emlog Pro 2.2.10. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/twitter.php of the component Whisper Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260602 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-40696 1 Ibm 1 Sterling B2b Integrator 2025-03-05 4.8 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-47103 1 Ibm 1 Sterling B2b Integrator 2025-03-05 4.8 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2024-47116 1 Ibm 1 Sterling B2b Integrator 2025-03-05 5.4 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-26955 1 Onekeyadmin Project 1 Onekeyadmin 2025-03-05 5.4 Medium
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.
CVE-2024-31913 1 Ibm 1 Sterling B2b Integrator 2025-03-05 5.5 Medium
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-1180 1 Health Center Patient Record Management System Project 1 Health Center Patient Record Management System 2025-03-05 3.5 Low
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.
CVE-2021-46875 1 Ibexa 1 Ez Platform Kernel 2025-03-04 6.1 Medium
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.
CVE-2023-32340 1 Ibm 1 Sterling B2b Integrator 2025-03-04 4.6 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-50309 1 Ibm 1 Sterling B2b Integrator 2025-03-04 6.4 Medium
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-1410 2 Grafana, Redhat 2 Grafana, Ceph Storage 2025-03-04 6.2 Medium
Grafana is an open-source platform for monitoring and observability.  Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description.  Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.
CVE-2023-26953 1 Onekeyadmin 1 Onekeyadmin 2025-03-04 4.8 Medium
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.
CVE-2023-1240 1 Answer 1 Answer 2025-03-04 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
CVE-2023-49574 1 Flexense 1 Vx Search 2025-03-04 7.1 High
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
CVE-2023-49573 1 Flexense 1 Vx Search 2025-03-04 7.1 High
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
CVE-2025-0555 1 Gitlab 1 Gitlab 2025-03-04 7.7 High
A Cross Site Scripting (XSS) vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions.
CVE-2023-1841 1 Honeywell 2 Mpa2, Mpa2 Firmware 2025-03-04 8.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Honeywell MPA2 Access Panel (Web server modules) allows XSS Using Invalid Characters.This issue affects MPA2 Access Panel all version prior to R1.00.08.05.  Honeywell released firmware update package MPA2 firmware R1.00.08.05 which addresses this vulnerability. This version and all later versions correct the reported vulnerability.
CVE-2024-2001 1 Agentejo 1 Cockpit 2025-03-04 5.5 Medium
A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.
CVE-2023-1315 1 Enhancesoft 1 Osticket 2025-03-03 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.
CVE-2023-1316 1 Enhancesoft 1 Osticket 2025-03-03 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.