Filtered by CWE-79
Total 45268 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27206 1 Best Pos Management System Project 1 Best Pos Management System 2025-02-28 6.1 Medium
A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.
CVE-2023-27208 1 Online Pizza Ordering System Project 1 Online Pizza Ordering System 2025-02-28 6.1 Medium
A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.
CVE-2023-27211 1 Online Pizza Ordering System Project 1 Online Pizza Ordering System 2025-02-28 6.1 Medium
A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.
CVE-2023-27212 1 Online Pizza Ordering System Project 1 Online Pizza Ordering System 2025-02-28 6.1 Medium
A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.
CVE-2023-1286 1 Pimcore 1 Pimcore 2025-02-28 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
CVE-2023-1312 1 Pimcore 1 Pimcore 2025-02-28 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.
CVE-2023-1318 1 Enhancesoft 1 Osticket 2025-02-28 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.
CVE-2025-27139 1 Combodo 1 Itop 2025-02-28 6.8 Medium
Combodo iTop is a web based IT service management tool. Versions prior to 2.7.12, 3.1.2, and 3.2.0 are vulnerable to cross-site scripting when the preferences page is opened. Versions 2.7.12, 3.1.2, and 3.2.0 fix the issue.
CVE-2024-45741 1 Splunk 3 Splunk, Splunk Cloud Platform, Splunk Enterprise 2025-02-28 5.4 Medium
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create a malicious payload through a custom configuration file that the "api.uri" parameter from the "/manager/search/apps/local" endpoint in Splunk Web calls. This could result in execution of unauthorized JavaScript code in the browser of a user.
CVE-2024-45740 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 5.4 Medium
In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through Scheduled Views that could result in execution of unauthorized JavaScript code in the browser of a user.
CVE-2023-22932 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 8 High
In Splunk Enterprise 9.0 versions before 9.0.4, a View allows for Cross-Site Scripting (XSS) through the error message in a Base64-encoded image. The vulnerability affects instances with Splunk Web enabled. It does not affect Splunk Enterprise versions below 9.0.
CVE-2023-32715 1 Splunk 1 Splunk App For Lookup File Editing 2025-02-28 4.7 Medium
In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.
CVE-2024-36992 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 5.4 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View that could result in execution of unauthorized JavaScript code in the browser of a user. The “url” parameter of the Dashboard element does not have proper input validation to reject invalid URLs, which could lead to a Persistent Cross-site Scripting (XSS) exploit.
CVE-2023-32711 1 Splunk 1 Splunk 2025-02-28 5.4 Medium
In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.
CVE-2024-36997 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 4.6 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312, an admin user could store and execute arbitrary JavaScript code in the browser context of another Splunk user through the conf-web/settings REST endpoint. This could potentially cause a persistent cross-site scripting (XSS) exploit.
CVE-2024-36994 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 5.4 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a View and Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.
CVE-2023-40592 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 8.4 High
In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.
CVE-2023-22933 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 8 High
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a View allows for Cross-Site Scripting (XSS) in an extensible mark-up language (XML) View through the ‘layoutPanel’ attribute in the ‘module’ tag’.
CVE-2023-46213 1 Splunk 3 Cloud, Splunk, Splunk Cloud Platform 2025-02-28 4.8 Medium
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
CVE-2024-36993 1 Splunk 2 Splunk, Splunk Cloud Platform 2025-02-28 5.4 Medium
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through a Splunk Web Bulletin Messages that could result in execution of unauthorized JavaScript code in the browser of a user.