The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-43458 | Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function. | -- | Sep 26, 2023 |
| CVE-2020-19952 | Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file. | -- | Aug 11, 2023 |
| CVE-2020-20140 | Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17. | MEDIUM | Dec 18, 2020 |
| CVE-2023-24744 | Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. | -- | May 4, 2023 |
| CVE-2020-27449 | Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. | -- | Aug 11, 2023 |
| CVE-2023-29637 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the article editor page. | -- | May 1, 2023 |
| CVE-2023-46503 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | -- | Oct 27, 2023 |
| CVE-2023-46504 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | -- | Oct 27, 2023 |
| CVE-2020-21333 | Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case. | LOW | Jul 9, 2021 |
| CVE-2023-23286 | Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | -- | Feb 10, 2023 |
| CVE-2023-49034 | Cross Site Scripting (XSS) vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to thecheckvalidHtmlText function in the ack.php and security.php files. | -- | Feb 20, 2024 |
| CVE-2023-46026 | Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the \'adminname\' and \'email\' parameters. | -- | Nov 15, 2023 |
| CVE-2020-22251 | Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | LOW | Jul 7, 2021 |
| CVE-2023-40851 | Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. | -- | Oct 17, 2023 |
| CVE-2023-36940 | Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field. | -- | Jul 10, 2023 |
| CVE-2020-23702 | Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via \'New Shout\' in /infusions/shoutbox_panel/shoutbox_admin.php. | LOW | Jul 7, 2021 |
| CVE-2023-29643 | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. | -- | May 1, 2023 |
| CVE-2023-29641 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | -- | May 1, 2023 |
| CVE-2017-9451 | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | MEDIUM | Jun 6, 2017 |
| CVE-2022-40365 | Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | -- | Sep 16, 2022 |
| CVE-2022-27462 | Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php. | MEDIUM | Apr 5, 2022 |
| CVE-2020-22765 | Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. | MEDIUM | Jul 30, 2021 |
| CVE-2021-33231 | Cross Site Scripting (XSS) vulnerability in New equipment page in EasyVista Service Manager 2018.1.181.1 allows remote attackers to run arbitrary code via the notes field. | -- | Oct 22, 2022 |
| CVE-2023-42325 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | -- | Nov 14, 2023 |
| CVE-2023-42327 | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | -- | Nov 14, 2023 |
| CVE-2020-21219 | Cross Site Scripting (XSS) vulnerability in Netgate pf Sense 2.4.4-Release-p3 and Netgate ACME package 0.6.3 allows remote attackers to to run arbitrary code via the RootFolder field to acme_certificate_edit.php page of the ACME package. | -- | Dec 15, 2022 |
| CVE-2023-36234 | Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. | -- | Sep 20, 2023 |
| CVE-2023-30347 | Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search. | -- | Jun 23, 2023 |
| CVE-2023-37611 | Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component. | -- | Sep 19, 2023 |
| CVE-2021-31651 | Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings. | -- | Jul 31, 2023 |
| CVE-2021-36454 | Cross Site Scripting (XSS) vulnerability in Naviwebs Navigate Cms 2.9 via the navigate-quickse parameter to 1) backups\\backups.php, 2) blocks\\blocks.php, 3) brands\\brands.php, 4) comments\\comments.php, 5) coupons\\coupons.php, 6) feeds\\feeds.php, 7) functions\\functions.php, 8) items\\items.php, 9) menus\\menus.php, 10) orders\\orders.php, 11) payment_methods\\payment_methods.php, 12) products\\products.php, 13) profiles\\profiles.php, 14) shipping_methods\\shipping_methods.php, 15) templates\\templates.php, 16) users\\users.php, 17) webdictionary\\webdictionary.php, 18) websites\\websites.php, and 19) webusers\\webusers.php because the initial_url function is built in these files. | LOW | Aug 6, 2021 |
| CVE-2020-23243 | Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2.9 via the name=wrong_path_redirect feature. | LOW | Jul 30, 2021 |
| CVE-2020-23242 | Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. | LOW | Jul 30, 2021 |
| CVE-2023-45885 | Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | -- | Nov 9, 2023 |
| CVE-2020-24075 | Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. | -- | Aug 11, 2023 |
| CVE-2023-44813 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | -- | Oct 10, 2023 |
| CVE-2023-44812 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | -- | Oct 10, 2023 |
| CVE-2020-18132 | Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit. | -- | May 11, 2023 |
| CVE-2020-11838 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | LOW | Jun 19, 2020 |
| CVE-2020-11839 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | MEDIUM | Jun 12, 2020 |
| CVE-2020-9522 | Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | MEDIUM | Jun 19, 2020 |
| CVE-2020-21517 | Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | MEDIUM | Jun 22, 2021 |
| CVE-2024-29776 | Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | -- | Mar 27, 2024 |
| CVE-2021-25810 | Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the \'src_dport_start\', \'src_dport_end\', and \'dest_port\' parameters. | MEDIUM | Apr 29, 2021 |
| CVE-2019-3602 | Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) Prior to 9.1 Update 5 allows an authenticated administrator to embed an XSS in the administrator interface via a specially crafted custom rule containing HTML. | LOW | May 21, 2019 |
| CVE-2021-4038 | Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. | LOW | Dec 9, 2021 |
| CVE-2021-31848 | Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | LOW | Nov 3, 2021 |
| CVE-2020-19619 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. | LOW | Apr 2, 2021 |
| CVE-2020-19616 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. | LOW | Apr 2, 2021 |
| CVE-2020-19618 | Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. | LOW | Apr 2, 2021 |
