Filtered by CWE-79
Total 45264 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-36773 1 Monstra 2 Monstra, Monstra Cms 2025-02-13 4.8 Medium
A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php.
CVE-2024-34913 2 Rubinchu, Technocking 2 R-pan-scaffolding, R-pan-scaffolding 2025-02-13 5.4 Medium
An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-34909 1 Kykms 1 Kykms 2025-02-13 9.8 Critical
An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-34906 1 Dootask 1 Dootask 2025-02-13 6.3 Medium
An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
CVE-2024-30889 2 Audimex, Web-audimex 2 Audimexee, Audimexee 2025-02-13 5.4 Medium
Cross Site Scripting vulnerability in audimex audimexEE v.15.1.2 and fixed in 15.1.3.9 allows a remote attacker to execute arbitrary code via the service, method, widget_type, request_id, payload parameters.
CVE-2024-5933 1 Lollms 1 Lollms Web Ui 2025-02-13 5.4 Medium
A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser.
CVE-2020-29444 1 Atlassian 2 Confluence Data Center, Confluence Server 2025-02-12 5.4 Medium
Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbitrary HTML or Javascript via a Cross Site Scripting Vulnerability in admin global setting parameters.
CVE-2024-53962 1 Adobe 1 Experience Manager 2025-02-12 5.4 Medium
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2025-0530 2025-02-12 3.5 Low
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0800 1 Argie 1 Online Courseware 2025-02-12 2.4 Low
A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0806 1 Anisha 1 Job Recruitment 2025-02-12 4.3 Medium
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-1703 1 Pimcore 1 Pimcore 2025-02-12 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
CVE-2023-1704 1 Pimcore 1 Pimcore 2025-02-12 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20.
CVE-2022-37462 1 Upstreamworks 1 Upstream Works On Finesse 2025-02-12 5.4 Medium
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details.
CVE-2024-35218 1 Umbraco 1 Umbraco Cms 2025-02-12 4.2 Medium
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enable attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in version(s) 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer.
CVE-2024-1700 1 Keerti1924 1 Php Mysql User Signup Login System 2025-02-12 4.3 Medium
A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input <script>alert("xss")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-26291 1 Forcepoint 2 Cloud Security Gateway, Web Security 2025-02-12 6.1 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.
CVE-2023-1701 1 Pimcore 1 Pimcore 2025-02-12 5.4 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.
CVE-2023-1702 1 Pimcore 1 Pimcore 2025-02-12 5.4 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20.
CVE-2023-2516 1 Teampass 1 Teampass 2025-02-12 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.