The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-27377 | A cross-site scripting (XSS) vulnerability was discovered in the Administrator panel on the \'Setting News\' module on CMS Made Simple 2.2.14 which allows an attacker to execute arbitrary web scripts. | LOW | Jun 1, 2021 | n/a |
| CVE-2021-42770 | A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | MEDIUM | Nov 9, 2021 | n/a |
| CVE-2020-26628 | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the \'Edit Profile page and triggered by another user visiting the profile. | -- | Jan 10, 2024 | n/a |
| CVE-2021-3150 | A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1 | MEDIUM | Mar 18, 2021 | n/a |
| CVE-2018-8062 | A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service. | LOW | Oct 23, 2020 | n/a |
| CVE-2020-4775 | A cross-site scripting (XSS) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. This vulnerability allows attackers to inject malicious scripts into web applications for the purpose of running unwanted actions on the end user\'s device, restricted to a single location. IBM X-Force ID: 189153. | LOW | Oct 16, 2020 | n/a |
| CVE-2020-24194 | A Cross-site scripting (XSS) vulnerability in \'user-profile.php\' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the \'fullname\' parameter. | MEDIUM | Sep 9, 2020 | n/a |
| CVE-2022-45441 | A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and then result in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device. | -- | Feb 7, 2023 | n/a |
| CVE-2023-44770 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | -- | Oct 6, 2023 | n/a |
| CVE-2023-44769 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | -- | Oct 25, 2023 | n/a |
| CVE-2023-44771 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | -- | Oct 6, 2023 | n/a |
| CVE-2024-24389 | A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter. | -- | Mar 7, 2024 | n/a |
| CVE-2020-26153 | A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. | MEDIUM | Jul 15, 2021 | n/a |
| CVE-2022-43332 | A cross-site scripting (XSS) vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. | -- | Nov 18, 2022 | n/a |
| CVE-2012-1932 | A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting. | LOW | Feb 20, 2020 | n/a |
| CVE-2020-11737 | A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a www substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2. | MEDIUM | May 5, 2020 | n/a |
| CVE-2017-6799 | A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | MEDIUM | Mar 11, 2017 | n/a |
| CVE-2021-39499 | A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | MEDIUM | Sep 10, 2021 | n/a |
| CVE-2023-27225 | A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field. | -- | Jul 6, 2023 | n/a |
| CVE-2022-29710 | A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. | MEDIUM | May 25, 2022 | n/a |
| CVE-2019-14315 | A cross-site scripting (XSS) vulnerability in upload.php in SunHater KCFinder 3.20-test1, 3.20-test2, 3.12, and earlier allows remote attackers to inject arbitrary web script or HTML via the CKEditorFuncNum parameter. | MEDIUM | Jul 31, 2019 | n/a |
| CVE-2023-24369 | A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles function. | -- | Feb 17, 2023 | n/a |
| CVE-2022-31456 | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter. | -- | Jul 26, 2023 | n/a |
| CVE-2020-8462 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product. | LOW | Dec 17, 2020 | n/a |
| CVE-2020-27010 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462. | LOW | Dec 17, 2020 | n/a |
| CVE-2022-41392 | A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. | -- | Oct 7, 2022 | n/a |
| CVE-2022-26565 | A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. | LOW | Apr 2, 2022 | n/a |
| CVE-2022-27979 | A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | -- | May 4, 2023 | n/a |
| CVE-2020-12648 | A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. | MEDIUM | Aug 14, 2020 | n/a |
| CVE-2023-41588 | A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. | -- | Sep 15, 2023 | n/a |
| CVE-2020-29455 | A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country). | MEDIUM | Dec 11, 2020 | n/a |
| CVE-2023-48198 | A Cross-Site Scripting (XSS) vulnerability in the \'product description\' component within \'/api/stock/products\' of Grocy version <= 4.0.3 allows attackers to obtain a victim\'s cookies. | -- | Nov 16, 2023 | n/a |
| CVE-2023-22921 | A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | -- | May 4, 2023 | n/a |
| CVE-2021-40813 | A cross-site scripting (XSS) vulnerability in the Zip content feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. | LOW | Jan 13, 2022 | n/a |
| CVE-2020-9440 | A cross-site scripting (XSS) vulnerability in the WSC plugin through 5.5.7.5 for CKEditor 4 allows remote attackers to run arbitrary web script inside an IFRAME element by injecting a crafted HTML element into the editor. | MEDIUM | Mar 10, 2020 | n/a |
| CVE-2017-17719 | A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the result_message parameter to includes/concours_page.php. | MEDIUM | Dec 20, 2017 | n/a |
| CVE-2019-7004 | A Cross-Site Scripting (XSS) vulnerability in the WebUI component of IP Office Application Server could allow unauthorized code execution and potentially disclose sensitive information. All product versions 11.x are affected. Product versions prior to 11.0, including unsupported versions, were not evaluated. | MEDIUM | Dec 12, 2019 | n/a |
| CVE-2019-7000 | A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencing include all 8.x versions prior to 8.0 SP14 (8.0.14). Prior versions not listed were not evaluated. | MEDIUM | Aug 7, 2019 | n/a |
| CVE-2022-25772 | A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript | MEDIUM | Jun 21, 2022 | n/a |
| CVE-2024-23553 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform exists due to missing a specific http header attribute. | -- | Feb 5, 2024 | n/a |
| CVE-2023-37529 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. This is not the same vulnerability as identified in CVE-2023-37530. | -- | Feb 29, 2024 | n/a |
| CVE-2023-37530 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a webpage trying to retrieve cookie stored information. | -- | Feb 29, 2024 | n/a |
| CVE-2023-37531 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code into a form field of a webpage by a user with privileged access. | -- | Feb 29, 2024 | n/a |
| CVE-2023-37528 | A cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attack to exploit an application parameter during execution of the Save Report. | -- | Feb 5, 2024 | n/a |
| CVE-2019-19370 | A cross-site scripting (XSS) vulnerability in the web conferencing component of the Mitel MiCollab application before 9.0.15 for Android could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the file upload interface. A successful exploit could allow an attacker to execute arbitrary scripts. | MEDIUM | Mar 4, 2020 | n/a |
| CVE-2019-19371 | A cross-site scripting (XSS) vulnerability in the web conferencing component of Mitel MiCollab AWV before 8.1.2.2 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation in the join meeting interface. A successful exploit could allow an attacker to execute arbitrary scripts. | MEDIUM | Mar 4, 2020 | n/a |
| CVE-2021-33212 | A Cross-site scripting (XSS) vulnerability in the View in Browser feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image. | LOW | Jul 16, 2021 | n/a |
| CVE-2018-13055 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) in MantisBT 2.1.0 through 2.15.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. | MEDIUM | Aug 3, 2018 | n/a |
| CVE-2018-16514 | A cross-site scripting (XSS) vulnerability in the View Filters page (view_filters_page.php) and Edit Filter page (manage_filter_edit_page.php) in MantisBT 2.1.0 through 2.17.0 allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted PATH_INFO. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-13055. | LOW | Jun 21, 2019 | n/a |
| CVE-2022-45280 | A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | -- | Nov 24, 2022 | n/a |
