Filtered by CWE-79
Total 45268 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-27059 1 Churchcrm 1 Churchcrm 2025-02-26 7.8 High
A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.
CVE-2023-1496 1 Evilmartians 1 Imgproxy 2025-02-26 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.
CVE-2023-1515 1 Pimcore 1 Pimcore 2025-02-26 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.
CVE-2023-1517 1 Pimcore 1 Pimcore 2025-02-26 4.8 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19.
CVE-2023-1248 1 Otrs 1 Otrs 2025-02-26 6.1 Medium
Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
CVE-2023-28083 2 Hp, Hpe 162 Integrated Lights-out 4, Integrated Lights-out 5, Integrated Lights-out 6 and 159 more 2025-02-26 8.3 High
A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out.
CVE-2023-1500 1 Code-projects 1 Simple Art Gallery 2025-02-26 3.5 Low
A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.
CVE-2023-28606 1 Misp-project 1 Malware Information Sharing Platform 2025-02-26 6.1 Medium
js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.
CVE-2023-27711 1 Typecho 1 Typecho 2025-02-26 4.8 Medium
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component.
CVE-2023-24278 1 Squidex.io 1 Squidex 2025-02-26 6.1 Medium
Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability.
CVE-2023-0370 1 Wpbean 1 Wpb Advanced Faq 2025-02-26 5.4 Medium
The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-22288 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2025-02-26 6.8 Medium
HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails
CVE-2024-3358 2 Janobe, Sourcecodester 2 Aplaya Beach Resort Online Reservation System, Aplaya Beach Resort Online Reservation System 2025-02-26 3.5 Low
A vulnerability classified as problematic was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument to leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259462 is the identifier assigned to this vulnerability.
CVE-2024-3414 1 Nelzkie15 1 Human Resource Information System 2025-02-26 3.5 Low
A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the argument corporate_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259583.
CVE-2022-45004 1 Getgophish 1 Gophish 2025-02-26 6.1 Medium
Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.
CVE-2020-19947 1 Markdown Edit Project 1 Markdown Edit 2025-02-26 9.6 Critical
Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.
CVE-2023-1481 1 Monitoring Of Students Cyber Accounts System Project 1 Monitoring Of Students Cyber Accounts System 2025-02-26 3.5 Low
A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364.
CVE-2023-26951 1 Onekeyadmin 1 Onekeyadmin 2025-02-26 5.4 Medium
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module.
CVE-2023-27131 1 Typecho 1 Typecho 2025-02-26 4.8 Medium
Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter.
CVE-2023-27054 1 Mirotalk 1 Mirotalk P2p 2025-02-26 6.1 Medium
A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.