Total: 38585 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50136 | 1 Jfinalcms Project | 1 Jfinalcms | 2025-06-03 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | ||||
| CVE-2023-38827 | 1 Follettlearning | 1 Solutions Destiny | 2025-06-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Follett School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | ||||
| CVE-2023-26998 | 1 Netscout | 1 Ngeniusone | 2025-06-03 | 5.4 Medium |
| Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | ||||
| CVE-2024-22776 | 1 Wallosapp | 1 Wallos | 2025-06-03 | 4.7 Medium |
| Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields. | ||||
| CVE-2024-51508 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Index. | ||||
| CVE-2024-51509 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Modules" (aka tiki-admin_modules.php) stored XSS payload in the Name. | ||||
| CVE-2024-51507 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create/Edit External Wiki" stored XSS payload in the Name. | ||||
| CVE-2024-0181 | 1 Nia | 1 Rrj Nueva Ecija Engineer Online Portal | 2025-06-03 | 2.4 Low |
| A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability. | ||||
| CVE-2024-51506 | 1 Tiki | 1 Tiki | 2025-06-03 | 4.8 Medium |
| Tiki through 27.0 allows users who have certain permissions to insert a "Create a Wiki Pages" stored XSS payload in the description. | ||||
| CVE-2017-20188 | 1 Zimbra | 1 Zm-ajax | 2025-06-03 | 2.6 Low |
| A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability. | ||||
| CVE-2024-21627 | 1 Prestashop | 1 Prestashop | 2025-06-03 | 8.1 High |
| PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. | ||||
| CVE-2023-47559 | 1 Qnap | 1 Qumagie | 2025-06-03 | 5.5 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | ||||
| CVE-2024-0262 | 1 Projectworlds | 1 Online Job Portal | 2025-06-03 | 2.4 Low |
| A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input `</title><scRipt>alert(0x00C57D)</scRipt>` leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-0284 | 1 Kashipara | 1 Food Management System | 2025-06-03 | 3.5 Low |
| A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839. | ||||
| CVE-2023-7215 | 1 Chanzhaoyu | 1 Chatgpt Web | 2025-06-03 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input `<image src onerror=prompt(document.domain)>` leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779. | ||||
| CVE-2024-21738 | 1 Sap | 1 Netweaver Application Server Abap | 2025-06-03 | 4.1 Medium |
| SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. | ||||
| CVE-2023-41781 | 1 Zte | 2 Mf258, Mf258 Firmware | 2025-06-03 | 5.7 Medium |
| There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. | ||||
| CVE-2024-23178 | 1 Mediawiki | 1 Mediawiki | 2025-06-03 | 5.4 Medium |
| An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. | ||||
| CVE-2024-23177 | 1 Mediawiki | 1 Mediawiki | 2025-06-03 | 6.1 Medium |
| An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. | ||||
| CVE-2024-23173 | 1 Mediawiki | 1 Mediawiki | 2025-06-03 | 6.1 Medium |
| An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. | ||||