Total
45270 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0954 | 1 Microsoft | 3 Project Server, Sharepoint Enterprise Server, Sharepoint Server | 2025-02-28 | 5.4 Medium |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978. | ||||
| CVE-2023-21807 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 6.5 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-24919 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-24920 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-24921 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-24891 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-28309 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-28313 | 1 Microsoft | 1 Send Customer Voice Survey From Dynamics 365 | 2025-02-28 | 6.1 Medium |
| Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability | ||||
| CVE-2023-28314 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 6.1 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-33132 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 6.3 Medium |
| Microsoft SharePoint Server Spoofing Vulnerability | ||||
| CVE-2023-32024 | 1 Microsoft | 1 Power Apps | 2025-02-28 | 3 Low |
| Microsoft Power Apps Spoofing Vulnerability | ||||
| CVE-2023-33171 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2023-35335 | 1 Microsoft | 1 Dynamics 365 | 2025-02-28 | 8.2 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2025-1586 | 1 Code-projects | 1 Blood Bank System | 2025-02-28 | 3.5 Low |
| A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argument Bloodname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-1591 | 1 Razormist | 1 Employee Management System | 2025-02-28 | 2.4 Low |
| A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php of the component Department Page. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. | ||||
| CVE-2023-27905 | 1 Jenkins | 1 Update-center2 | 2025-02-28 | 9.6 Critical |
| Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | ||||
| CVE-2023-27898 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift | 2025-02-28 | 9.6 Critical |
| Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. | ||||
| CVE-2025-1592 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 2.4 Low |
| A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation of the argument assign_name/description leads to cross site scripting. The attack may be launched remotely. | ||||
| CVE-2025-1614 | 1 Fiberhome | 2 An5506-01-a, An5506-01-a Firmware | 2025-02-28 | 2.4 Low |
| A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pf_Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-1597 | 1 Mayurik | 1 Best Church Management Software | 2025-02-28 | 3.5 Low |
| A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||