Filtered by CWE-79
Total 45258 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-1875 1 Phpmyfaq 1 Phpmyfaq 2025-02-04 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.
CVE-2023-30788 1 Monicahq 1 Monica 2025-02-04 5.4 Medium
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter.
CVE-2025-0844 1 Needyamin 1 Library Card System 2025-02-04 4.3 Medium
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/user_address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2023-29848 1 Hockeycomputindo 1 Bang Resto 2025-02-04 4.8 Medium
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.
CVE-2023-26061 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
CVE-2023-26059 1 Nokia 1 Netact 2025-02-04 6.8 Medium
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.
CVE-2023-25347 1 Churchcrm 1 Churchcrm 2025-02-04 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
CVE-2023-25314 1 Wwbn 1 Avideo 2025-02-04 6.1 Medium
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.
CVE-2022-28354 1 Mybb 1 Active Threads 2025-02-04 6.1 Medium
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
CVE-2024-43317 1 Metagauss 1 Registrationmagic 2025-02-04 4.3 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Metagauss User Registration Team RegistrationMagic allows Cross-Site Scripting (XSS).This issue affects RegistrationMagic: from n/a through 6.0.1.0.
CVE-2023-26843 1 Churchcrm 1 Churchcrm 2025-02-04 5.4 Medium
A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.
CVE-2024-48893 1 Fortinet 1 Fortisoar 2025-02-03 6.4 Medium
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook.
CVE-2024-52967 1 Fortinet 1 Fortiportal 2025-02-03 3.3 Low
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection.
CVE-2012-5873 1 Arc2 Project 1 Arc2 2025-02-03 5.3 Medium
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.
CVE-2023-30790 1 Monicahq 1 Monica 2025-02-03 5.4 Medium
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter.
CVE-2023-30789 1 Monicahq 1 Monica 2025-02-03 5.4 Medium
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter.
CVE-2023-30838 1 Prestashop 1 Prestashop 2025-02-03 8.6 High
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
CVE-2023-30787 1 Monicahq 1 Monica 2025-02-03 5.4 Medium
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter.
CVE-2023-30212 1 Ourphp 1 Ourphp 2025-02-03 6.1 Medium
OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.
CVE-2023-30210 1 Ourphp 1 Ourphp 2025-02-03 6.1 Medium
OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.