Filtered by CWE-79
Total 45256 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-30417 1 Pearadmin 1 Pear Admin Boot 2025-02-03 5.4 Medium
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.
CVE-2023-30267 1 Cltphp 1 Cltphp 2025-02-03 6.1 Medium
CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.
CVE-2023-30177 1 Craftcms 1 Craft Cms 2025-02-03 6.1 Medium
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
CVE-2023-30111 1 Medicine Tracker System Project 1 Medicine Tracker System 2025-02-03 6.1 Medium
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).
CVE-2023-30106 1 Medicine Tracker System Project 1 Medicine Tracker System 2025-02-03 6.1 Medium
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.
CVE-2023-29836 1 Exelysis 1 Exelysis Unified Communications Solution 2025-02-03 6.1 Medium
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form.
CVE-2023-29442 1 Zohocorp 1 Manageengine Applications Manager 2025-02-03 6.1 Medium
Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS.
CVE-2022-27979 1 Tooljet 1 Tooljet 2025-02-03 5.4 Medium
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.
CVE-2024-38681 1 Wpthemespace 1 Magical Addons For Elementor 2025-02-03 6.5 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.41.
CVE-2024-38711 1 Ylefebvre 1 Link Library 2025-02-03 7.1 High
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.7.1.
CVE-2024-37947 1 Themeum 1 Tutor Lms 2025-02-03 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS.This issue affects Tutor LMS: from n/a through 2.7.2.
CVE-2024-41665 1 Ampache 1 Ampache 2025-02-03 5.5 Medium
Ampache, a web based audio/video streaming application and file manager, has a stored cross-site scripting (XSS) vulnerability in versions prior to 6.6.0. This vulnerability exists in the "Playlists - Democratic - Configure Democratic Playlist" feature. An attacker with Content Manager permissions can set the Name field to `<svg onload=alert(8)>`. When any administrator or user accesses the Democratic functionality, they will be affected by this stored XSS vulnerability. The attacker can exploit this vulnerability to obtain the cookies of any user or administrator who accesses the `democratic.php` file. Version 6.6.0 contains a patch for the issue.
CVE-2024-28973 1 Dell 9 Data Domain Operating System, Dd3300, Dd6400 and 6 more 2025-02-03 5.9 Medium
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a high privileged victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery
CVE-2023-30338 1 Emlog 1 Emlog 2025-01-31 5.4 Medium
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.
CVE-2023-25292 1 Group-office 1 Group Office 2025-01-31 6.1 Medium
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.
CVE-2022-0209 1 Facebook-wall-and-social-integration Project 1 Facebook-wall-and-social-integration 2025-01-31 4.8 Medium
The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-0653 1 Cozmoslabs 1 Profile Builder 2025-01-31 6.1 Medium
The Profile Builder – User Profile & User Registration Forms WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1.
CVE-2022-0710 1 Draftpress 1 Header Footer Code Manager 2025-01-31 6.1 Medium
The Header Footer Code Manager plugin <= 1.1.16 for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) via the $_REQUEST['page'] parameter.
CVE-2022-0683 1 Wpdeveloper 1 Essential Addons For Elementor 2025-01-31 6.1 Medium
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the ~/includes/Traits/Helper.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 5.0.8.
CVE-2021-39308 1 Woo-myghpay-payment-gateway Project 1 Woo-myghpay-payment-gateway 2025-01-31 6.1 Medium
The WooCommerce myghpay Payment Gateway WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0.