The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2023-42436 | Stored cross-site scripting vulnerability exists in the presentation feature of GROWI versions prior to v3.4.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | -- | Dec 26, 2023 |
CVE-2023-50339 | Stored cross-site scripting vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.1.11. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | -- | Dec 26, 2023 |
CVE-2019-5988 | Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page. | MEDIUM | Jan 14, 2020 |
CVE-2021-20673 | Stored cross-site scripting vulnerability in Admin Page of GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | LOW | Mar 10, 2021 |
CVE-2020-5631 | Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | MEDIUM | Oct 6, 2020 |
CVE-2018-0557 | Stored cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML 'E-mail Details Screen' via unspecified vectors. | MEDIUM | Jun 26, 2018 |
CVE-2022-38089 | Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | -- | Aug 27, 2022 |
CVE-2020-5678 | Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | MEDIUM | Dec 3, 2020 |
CVE-2017-11682 | Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. | MEDIUM | Jul 27, 2017 |
CVE-2022-41830 | Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | -- | Dec 6, 2022 |
CVE-2023-40705 | Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. | -- | Sep 5, 2023 |
CVE-2021-31834 | Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | LOW | Oct 22, 2021 |
CVE-2022-41994 | Stored cross-site scripting vulnerability in Permission Settings of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | -- | Dec 7, 2022 |
CVE-2023-32607 | Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | -- | Jul 7, 2023 |
CVE-2022-36350 | Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | -- | Aug 24, 2022 |
CVE-2022-0182 | Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via a website that uses Quiz And Survey Master. | LOW | Jan 18, 2022 |
CVE-2018-2388 | Stored cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | MEDIUM | Feb 14, 2018 |
CVE-2023-22425 | Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | -- | Feb 24, 2023 |
CVE-2023-38569 | Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | -- | Sep 5, 2023 |
CVE-2022-43499 | Stored cross-site scripting vulnerability in SHIRASAGI versions prior to v1.16.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | -- | Dec 6, 2022 |
CVE-2022-47372 | Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. | -- | Feb 16, 2023 |
CVE-2023-22427 | Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. | -- | Feb 24, 2023 |
CVE-2022-42486 | Stored cross-site scripting vulnerability in User group management of baserCMS versions prior to 4.7.2 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | -- | Dec 7, 2022 |
CVE-2023-40535 | Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. | -- | Sep 5, 2023 |
CVE-2023-22370 | Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | -- | Feb 14, 2023 |
CVE-2020-5663 | Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | MEDIUM | Nov 20, 2020 |
CVE-2022-44449 | Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | -- | Dec 21, 2022 |
CVE-2023-49119 | Stored cross-site scripting vulnerability via the img tags exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | -- | Dec 26, 2023 |
CVE-2023-45740 | Stored cross-site scripting vulnerability when processing profile images exists in GROWI versions prior to v4.1.3. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | -- | Dec 26, 2023 |
CVE-2023-49807 | Stored cross-site scripting vulnerability when processing the MathJax exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | -- | Dec 26, 2023 |
CVE-2023-47215 | Stored cross-site scripting vulnerability which is exploiting a behavior of the XSS Filter exists in GROWI versions prior to v6.0.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product. | -- | Dec 26, 2023 |
CVE-2020-13169 | Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account). | MEDIUM | Sep 17, 2020 |
CVE-2021-26636 | Stored XSS and SQL injection vulnerability in MaxBoard could lead to Remote Code Execution, which could lead to information exposure and privilege escalation. | MEDIUM | Jun 23, 2022 |
CVE-2022-1464 | Stored XSS bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public, any user can view the report, and when the attachment is opened the XSS is executed. This bug allows execution of any JavaScript code in the victim's account. | LOW | May 5, 2022 |
CVE-2021-25273 | Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | LOW | Jul 30, 2021 |
CVE-2022-1344 | Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse. | LOW | Apr 13, 2022 |
CVE-2022-0942 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. | LOW | Mar 15, 2022 |
CVE-2022-0941 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | LOW | Mar 14, 2022 |
CVE-2022-0940 | Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. | LOW | Mar 14, 2022 |
CVE-2022-1330 | Stored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. | LOW | Apr 13, 2022 |
CVE-2018-17300 | Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | LOW | Sep 16, 2019 |
CVE-2018-19906 | Stored XSS exists in razorCMS 3.4.8 via the /#/page description parameter. | LOW | Dec 31, 2018 |
CVE-2020-9371 | Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. | LOW | Mar 12, 2020 |
CVE-2018-17302 | Stored XSS exists in views/fields/wysiwyg.js in EspoCRM 5.3.6 via a /#Email/view saved draft message. | LOW | Sep 21, 2018 |
CVE-2019-9660 | Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter. | LOW | Mar 20, 2019 |
CVE-2019-9661 | Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter. | LOW | Mar 20, 2019 |
CVE-2018-7564 | Stored XSS exists on Polycom QDX 6000 devices. | MEDIUM | Mar 7, 2018 |
CVE-2018-18419 | Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. | LOW | Oct 19, 2018 |
CVE-2018-18259 | Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page. | MEDIUM | Oct 15, 2018 |
CVE-2021-43712 | Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. | LOW | May 9, 2022 |