6664 matches found
CVE-2024-7938
A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7939
A stored Cross-site Scripting XSS vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-23057
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...
CVE-2025-23056
A CVE describing an authenticated stored XSS in the HPE Aruba Networking Fabric Composer Web Management Interface. The vulnerability could allow an authenticated remote attacker to store and execute arbitrary script code in a victim’s browser within the compromised web interface context. Document...
CVE-2025-23055 Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface
A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack. If successfully exploited, a threat actor could run arbitrary script code in a victim's web browser within the...
Amazon Linux 2 : redis (ALASREDIS6-2025-011)
The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-011 advisory. Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script...
CVE-2025-20168
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2025-20168 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2025-20167 Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector CSPC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied...
CVE-2024-12090
A stored Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2021-1444
A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2020-3420 Cisco Unified Communications Manager Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of...
CVE-2020-3532 Cisco Unified Communications Products Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to...
CVE-2021-1444 Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software Web Services Interface Cross-Site Scripting Vulnerability
A vulnerability in the web services interface of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2022-20631
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2022-20631 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2022-20631 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate...
CVE-2023-20060 Cisco Prime Collaboration Deployment Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not...
Cisco IP Phone Cross-Site Scripting Vulnerability (CNVD-2024-45292)
Cisco IP Phone is a hardware device from the American company Cisco Cisco. IP Phone that provides calling capabilities. The Cisco IP Phone suffers from a cross-site scripting vulnerability that stems from the affected device's WebUI not properly validating user-supplied input. An authenticated,...
CVE-2024-20533
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting XSS attacks against users. This vulnerabilit...