Lucene search
K

176 matches found

NVD
NVD
added 2025/03/10 6:15 p.m.8 views

CVE-2024-53307

A reflected cross-site scripting XSS vulnerability in the /mw/ endpoint of Evisions MAPS v6.10.2.267 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...

5.4CVSS0.0029EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/04 12:0 a.m.13 views

CVE-2025-26091

A Cross Site Scripting XSS vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'name' parameter when creating a new password in the "My...

0.00283EPSS
Exploits1References1
NVD
NVD
added 2025/03/03 4:15 p.m.14 views

CVE-2025-0555

A Cross Site Scripting XSS vulnerability in GitLab-EE affecting all versions from 16.6 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows an attacker to bypass security controls and execute arbitrary scripts in a users browser under specific conditions...

7.7CVSS0.00439EPSS
Exploits0References2
NVD
NVD
added 2025/02/28 4:15 p.m.17 views

CVE-2025-25461

A Stored Cross-Site Scripting XSS vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server an...

5.4CVSS0.00478EPSS
Exploits3References2
RedhatCVE
RedhatCVE
added 2025/02/21 6:15 a.m.6 views

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

5.4CVSS6AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2025/02/19 6:15 a.m.11 views

CVE-2025-22888

Movable Type contains a stored cross-site scripting vulnerability in the custom block edit page of MT Block Editor. If exploited, an arbitrary script may be executed on a logged-in user's web browser...

5.4CVSS0.00208EPSS
Exploits0References2
CVE
CVE
added 2025/02/19 5:52 a.m.66 views

CVE-2025-24841

CVE-2025-24841 — Movable Type contains a stored cross-site scripting vulnerability in the HTML edit mode of the MT Block Editor, exploitable when TinyMCE6 is used as the rich text editor. The issue allows arbitrary script execution in a logged-in user’s browser. Sources describe affected products...

5.4CVSS6AI score0.00208EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 11:56 a.m.9 views

CVE-2024-7938

A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 10:29 p.m.7 views

CVE-2024-8004

A stored Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.1AI score0.00289EPSS
Exploits0References1
NVD
NVD
added 2025/01/08 4:15 a.m.19 views

CVE-2025-21603

Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...

4.8CVSS0.00284EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/20 12:0 a.m.5 views

eSoft Planner 安全漏洞

eSoft Planner is a scheduling software for managing sports facilities from eSoft Planner, Inc. A security vulnerability exists in eSoft Planner version 3.24.08271-USA that stems from vulnerability to a cross-site scripting attack, which allows an attacker to execute arbitrary code in the context ...

5.4CVSS6.7AI score0.0036EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/20 12:0 a.m.5 views

Confidant 跨站脚本漏洞

Confidant is a Lyft open source application. A cross-site scripting vulnerability exists in Confidant versions prior to 6.6.2, which stems from the presence of a cross-site scripting vulnerability that could allow an attacker to execute malicious scripts on another user's browser...

4.8CVSS5.9AI score0.00347EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/03 3:27 p.m.4 views

Malicious code in esdjiw (npm)

The package contains obfuscated code to load content from a suspicious external domain in the user's browser --- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2024/07/29 12:56 p.m.26 views

CVE-2024-6881 Stored XSS Vulnerability

Stored XSS in M-Files Hubshare versions before 5.0.6.0 allows an authenticated attacker to execute arbitrary JavaScript in user's browser session...

8.5CVSS0.00352EPSS
Exploits0References2
OSV
OSV
added 2024/03/20 6:3 p.m.19 views

CVE-2024-23821 GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting XSS vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a...

4.8CVSS4.3AI score0.00405EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

HCL Technologies BigFix OSD Security Vulnerability

HCL Technologies BigFix OSD is part of a lifecycle management software from HCL Technologies, Inc. It is used for the deployment of operating systems. A security vulnerability exists in HCL Technologies BigFix Bare OSD Metal Server WebUI 311.19 and prior versions, which stems from the absence or...

9.8CVSS6.9AI score0.00413EPSS
Exploits0References2
Snyk
Snyk
added 2023/12/18 7:34 p.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via crafted input on the interface. An attacker can manipulate the output of the web page and execute arbitrary HTML and script code in a user's browser session. Details Cross-site scripting or XSS is a code...

6.3CVSS5.5AI score0.00526EPSS
Exploits0References2
OSV
OSV
added 2023/12/07 7:15 a.m.4 views

CVE-2023-49225

A cross-site-scripting vulnerability exists in Ruckus Access Point products ZoneDirector, SmartZone, and AP Solo. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in the product. As for the affected products/models/versions, see...

6.1CVSS5.8AI score0.00414EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/11/15 3:35 a.m.18 views

CVE-2023-5985

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values...

4.8CVSS5.3AI score0.00399EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/30 12:0 a.m.6 views

osCommerce Cross-Site Scripting Vulnerability

osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...

5.4CVSS5.9AI score0.00431EPSS
Exploits1References3
Rows per page
Query Builder