The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-47131 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | -- | Feb 3, 2023 | n/a |
| CVE-2022-47130 | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | -- | Feb 3, 2023 | n/a |
| CVE-2023-27234 | A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. | -- | Mar 15, 2023 | n/a |
| CVE-2020-20943 | A Cross-Site Request Forgery (CSRF) in /member/post.php?job=postnew&step=post of Qibosoft v7 allows attackers to force victim users into arbitrarily publishing new articles via a crafted URL. | MEDIUM | Dec 28, 2021 | n/a |
| CVE-2020-19951 | A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application. | MEDIUM | Sep 24, 2021 | n/a |
| CVE-2020-20989 | A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmod 4.13 allows attackers to arbitrarily delete logs. | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2020-20945 | A Cross-Site Request Forgery (CSRF) in /admin/index.php?lfj=member&action=editmember of Qibosoft v7 allows attackers to arbitrarily add administrator accounts. | MEDIUM | Dec 28, 2021 | n/a |
| CVE-2021-22213 | A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 allowed an attacker to leak an OAuth access token by getting the victim to visit a malicious page with Safari | MEDIUM | Jun 8, 2021 | n/a |
| CVE-2017-17068 | A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback(). | MEDIUM | Dec 6, 2017 | n/a |
| CVE-2016-4676 | A Cross-origin vulnerability exists in WebKit in Apple Safari before 10.0.1 when processing location attributes, which could let a remote malicious user obtain sensitive information. | MEDIUM | Feb 5, 2020 | n/a |
| CVE-2021-22957 | A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. | MEDIUM | Nov 24, 2021 | n/a |
| CVE-2022-22594 | A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. | MEDIUM | Feb 2, 2022 | n/a |
| CVE-2018-4319 | A cross-origin issue existed with \"iframe\" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. | MEDIUM | Apr 5, 2019 | n/a |
| CVE-2019-8515 | A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | MEDIUM | Dec 18, 2019 | n/a |
| CVE-2019-8754 | A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information. | MEDIUM | Oct 29, 2020 | n/a |
| CVE-2022-38473 | A cross-origin iframe referencing an XSLT document would inherit the parent domain\'s permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. | -- | Dec 22, 2022 | n/a |
| CVE-2019-4237 | A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419. | LOW | Jul 8, 2019 | n/a |
| CVE-2024-0669 | A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element. | -- | Jan 18, 2024 | n/a |
| CVE-2021-36646 | A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page. | -- | Sep 7, 2023 | n/a |
| CVE-2021-40238 | A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the Error Log page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the Cron Jobs functionality of Webuzo. | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-42866 | A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php | LOW | Mar 31, 2022 | n/a |
| CVE-2022-30899 | A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the \'name\' field in /api/part_categories. | LOW | Jun 8, 2022 | n/a |
| CVE-2023-50357 | A cross site scripting vulnerability in the AREAL SAS Websrv1 ASP website allows a remote low-privileged attacker to gain escalated privileges of other non-admin users. | -- | Jan 31, 2024 | n/a |
| CVE-2023-34648 | A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. | -- | Jun 29, 2023 | n/a |
| CVE-2023-34835 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | -- | Jun 27, 2023 | n/a |
| CVE-2023-34837 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | -- | Jun 27, 2023 | n/a |
| CVE-2023-34836 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | -- | Jun 27, 2023 | n/a |
| CVE-2023-34838 | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | -- | Jun 27, 2023 | n/a |
| CVE-2019-1003042 | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | LOW | Mar 28, 2019 | n/a |
| CVE-2019-1003042 | A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | LOW | Apr 1, 2019 | n/a |
| CVE-2016-8517 | A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | MEDIUM | Feb 16, 2018 | n/a |
| CVE-2016-8532 | A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. | LOW | Feb 15, 2018 | n/a |
| CVE-2024-26454 | A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. | -- | Mar 15, 2024 | n/a |
| CVE-2024-27734 | A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component. | -- | Mar 1, 2024 | n/a |
| CVE-2020-25391 | A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the \'New Pages\' field under the \'Pages Content\' module. | LOW | Jul 10, 2021 | n/a |
| CVE-2020-20584 | A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/. | MEDIUM | Jul 8, 2021 | n/a |
| CVE-2023-48208 | A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. | -- | Dec 7, 2023 | n/a |
| CVE-2018-8651 | A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka Microsoft Dynamics NAV Cross Site Scripting Vulnerability. This affects Microsoft Dynamics NAV. | LOW | Dec 12, 2018 | n/a |
| CVE-2018-8605 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability. This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8606, CVE-2018-8607, CVE-2018-8608. | LOW | Nov 13, 2018 | n/a |
| CVE-2018-8606 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability. This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8607, CVE-2018-8608. | LOW | Nov 13, 2018 | n/a |
| CVE-2018-8607 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability. This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8608. | LOW | Nov 13, 2018 | n/a |
| CVE-2018-8608 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) version 8 does not properly sanitize a specially crafted web request to an affected Dynamics server, aka Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability. This affects Microsoft Dynamics 365. This CVE ID is unique from CVE-2018-8605, CVE-2018-8606, CVE-2018-8607. | LOW | Nov 13, 2018 | n/a |
| CVE-2020-1591 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current authenticated user. These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim\'s identity to take actions within Dynamics Server on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that Dynamics Server properly sanitizes web requests. | LOW | Aug 18, 2020 | n/a |
| CVE-2020-1049 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\'. This CVE ID is unique from CVE-2020-1050. | LOW | Apr 15, 2020 | n/a |
| CVE-2020-1050 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\'. This CVE ID is unique from CVE-2020-1049. | MEDIUM | Apr 15, 2020 | n/a |
| CVE-2020-1063 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\'. | LOW | May 22, 2020 | n/a |
| CVE-2020-0656 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\'. | LOW | Jan 15, 2020 | n/a |
| CVE-2019-1375 | A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka \'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability\'. | LOW | Oct 15, 2019 | n/a |
| CVE-2022-38200 | A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim\'s browser. | -- | Oct 25, 2022 | n/a |
| CVE-2024-28662 | A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php. | -- | Mar 14, 2024 | n/a |
