Export limit exceeded: 44417 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44417 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30577 | 1 Tibco | 1 Ebx | 2025-05-22 | 8 High |
| The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8. | ||||
| CVE-2022-2413 | 1 Simonpedge | 1 Slide Anything | 2025-05-22 | 5.4 Medium |
| The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled. | ||||
| CVE-2021-36739 | 1 Apache | 1 Pluto | 2025-05-22 | 6.1 Medium |
| The "first name" and "last name" fields of the Apache Pluto 3.1.0 MVCBean JSP portlet maven archetype are vulnerable to Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2021-25022 | 1 Updraftplus | 1 Updraftplus | 2025-05-22 | 6.1 Medium |
| The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backup_timestamp and job_id parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues | ||||
| CVE-2021-24964 | 1 Litespeedtech | 1 Litespeed Cache | 2025-05-22 | 6.1 Medium |
| The LiteSpeed Cache WordPress plugin before 4.4.4 does not properly verify that requests are coming from QUIC.cloud servers, allowing attackers to make requests to certain endpoints by using a specific X-Forwarded-For header value. In addition, one of the endpoint could be used to set CSS code if a setting is enabled, which will then be output in some pages without being sanitised and escaped. Combining those two issues, an unauthenticated attacker could put Cross-Site Scripting payloads in pages visited by users. | ||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2025-05-22 | 5.8 Medium |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | ||||
| CVE-2018-8870 | 1 Medtronic | 4 24950 Mycarelink Monitor, 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor and 1 more | 2025-05-22 | 6.4 Medium |
| Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. | ||||
| CVE-2024-12732 | 1 Cr1000 | 1 Affiliateimportereb | 2025-05-22 | 6.1 Medium |
| The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12733 | 1 Cr1000 | 1 Affiliateimportereb | 2025-05-22 | 6.1 Medium |
| The AffiliateImporterEb WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-12734 | 1 Niceit | 1 Advance Post Prefix | 2025-05-22 | 6.1 Medium |
| The Advance Post Prefix WordPress plugin through 1.1.1, Advance Post Prefix WordPress plugin through 1.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2024-13127 | 1 Thimpress | 1 Learnpress | 2025-05-22 | 4.8 Medium |
| The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2024-13128 | 1 Thimpress | 1 Learnpress | 2025-05-22 | 4.8 Medium |
| The LearnPress WordPress plugin before 4.2.7.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-2266 | 1 Yordam | 1 Library Automation System | 2025-05-22 | 6.1 Medium |
| University Library Automation System developed by Yordam Bilgi Teknolojileri before version 19.2 has an unauthenticated Reflected XSS vulnerability. This has been fixed in the version 19.2 | ||||
| CVE-2025-4858 | 1 Dlink | 2 Dap-2695, Dap-2695 Firmware | 2025-05-22 | 2.4 Low |
| A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been declared as problematic. This vulnerability affects unknown code of the file /adv_arpspoofing.php of the component ARP Spoofing Prevention Page. The manipulation of the argument harp_mac leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-4859 | 1 Dlink | 2 Dap-2695, Dap-2695 Firmware | 2025-05-22 | 2.4 Low |
| A vulnerability was found in D-Link DAP-2695 120b36r137_ALL_en_20210528. It has been rated as problematic. This issue affects some unknown processing of the file /adv_macbypass.php of the component MAC Bypass Settings Page. The manipulation of the argument f_mac leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-0187 | 1 Peepso | 1 Peepso | 2025-05-22 | 6.1 Medium |
| The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2023-5124 | 1 Pagelayer | 1 Pagelayer | 2025-05-22 | 4.8 Medium |
| The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations. | ||||
| CVE-2025-4860 | 1 Dlink | 2 Dap-2695, Dap-2695 Firmware | 2025-05-22 | 2.4 Low |
| A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2023-49833 | 1 Brainstormforce | 1 Spectra | 2025-05-22 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Spectra – WordPress Gutenberg Blocks allows Stored XSS.This issue affects Spectra – WordPress Gutenberg Blocks: from n/a through 2.7.9. | ||||
| CVE-2023-49771 | 1 Petersplugins | 1 Link Log | 2025-05-22 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Raschendorfer Smart External Link Click Monitor [Link Log] allows Reflected XSS.This issue affects Smart External Link Click Monitor [Link Log]: from n/a through 5.0.2. | ||||