Search Results (42958 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6748 3 Debian, Jsoup, Redhat 4 Debian Linux, Jsoup, Jboss Bpms and 1 more 2025-04-20 6.1 Medium
Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3.
CVE-2015-2885 1 Lens Laboratories 2 Peek-a-view, Peek-a-view Firmware 2025-04-20 N/A
Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account.
CVE-2017-14721 1 Wordpress 1 Wordpress 2025-04-20 N/A
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
CVE-2015-2148 1 Phpbugtracker Project 1 Phpbugtracker 2025-04-20 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2024-31828 1 Lavalite 1 Lavalite 2025-04-18 6.1 Medium
Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.
CVE-2024-31741 1 1234n 1 Minicms 2025-04-18 6.1 Medium
Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.
CVE-2024-2603 1 Salonbookingsystem 1 Salon Booking System 2025-04-18 6.3 Medium
The Salon booking system WordPress plugin through 9.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin (or editor depending on Salon booking system WordPress plugin through 9.6.5 configuration) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-31609 1 Bosscms 1 Bosscms 2025-04-18 7.1 High
Cross Site Scripting (XSS) vulnerability in BOSSCMS v3.10 allows attackers to run arbitrary code via the header code and footer code fields in code configuration.
CVE-2024-55342 1 Dotnetfoundation 1 Piranha Cms 2025-04-18 4.7 Medium
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability.
CVE-2020-22540 1 Codologic 1 Codoforum 2025-04-18 5.4 Medium
Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component.
CVE-2024-32505 1 Wpmet 1 Elements Kit Elementor Addons 2025-04-18 6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpmet Elements kit Elementor addons allows Stored XSS.This issue affects Elements kit Elementor addons: from n/a through 3.0.6.
CVE-2024-4061 1 Ays-pro 1 Survey Maker 2025-04-18 4.8 Medium
The Survey Maker WordPress plugin before 4.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-38653 1 Hcltech 1 Digital Experience 2025-04-18 2 Low
In HCL Digital Experience, customized XSS payload can be constructed such that it is served in the application unencoded.
CVE-2024-51055 1 Hoosk 1 Hoosk 2025-04-18 6.5 Medium
An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component.
CVE-2023-46950 1 Contribsys 1 Sidekiq 2025-04-18 6.1 Medium
Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions.
CVE-2022-37832 1 Mutiny 1 Mutiny 2025-04-18 9.8 Critical
Mutiny 7.2.0-10788 suffers from Hardcoded root password.
CVE-2022-36223 1 Emby 1 Emby 2025-04-18 6.1 Medium
In Emby Server 4.6.7.0, the playlist name field is vulnerable to XSS stored where it is possible to steal the administrator access token and flip or steal the media server administrator account.
CVE-2024-24511 1 Pkp.sfu 1 Open Journal Systems 2025-04-18 6.1 Medium
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.
CVE-2024-24512 1 Pkp.sfu 1 Open Journal Systems 2025-04-18 6.1 Medium
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.
CVE-2024-30618 1 Chamilo 1 Chamilo Lms 2025-04-18 6.1 Medium
A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'.