The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-14210 | Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking. | MEDIUM | Jun 17, 2020 | n/a |
| CVE-2023-49453 | Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. | -- | Mar 12, 2024 | n/a |
| CVE-2021-45416 | Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | MEDIUM | Feb 4, 2022 | n/a |
| CVE-2022-34857 | Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | -- | Aug 23, 2022 | n/a |
| CVE-2018-10727 | Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | MEDIUM | Oct 31, 2019 | n/a |
| CVE-2023-40191 | Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field | -- | Feb 21, 2024 | n/a |
| CVE-2023-42498 | Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter. | -- | Feb 21, 2024 | n/a |
| CVE-2022-47431 | Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions. | -- | Mar 23, 2023 | n/a |
| CVE-2023-24404 | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | -- | Apr 24, 2023 | n/a |
| CVE-2024-29271 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | -- | Mar 22, 2024 | n/a |
| CVE-2021-36869 | Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post. | MEDIUM | Oct 22, 2021 | n/a |
| CVE-2017-7271 | Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | MEDIUM | Mar 27, 2017 | n/a |
| CVE-2022-38467 | Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | -- | Jan 14, 2023 | n/a |
| CVE-2023-47797 | Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter. | -- | Nov 23, 2023 | n/a |
| CVE-2023-42496 | Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter. | -- | Feb 21, 2024 | n/a |
| CVE-2023-42497 | Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter. | -- | Oct 17, 2023 | n/a |
| CVE-2021-38087 | Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2018-15528 | Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the select_sso() function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the Login button. | MEDIUM | Aug 21, 2018 | n/a |
| CVE-2023-0868 | Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horizon installation instructions state that they are intended for installation within an organization\'s private networks and should not be directly accessible from the Internet. | -- | Feb 23, 2023 | n/a |
| CVE-2023-1356 | Reflected cross-site scripting in the StudentSearch component in IDAttend’s IDWeb application 3.1.052 and earlier allows hijacking of a user’s browsing session by attackers who have convinced the said user to click on a malicious link. | -- | Oct 25, 2023 | n/a |
| CVE-2020-22839 | Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | MEDIUM | Feb 12, 2021 | n/a |
| CVE-2021-20672 | Reflected cross-site scripting vulnerability due to insufficient verification of URL query parameters in GROWI (v4.2 Series) versions from v4.2.0 to v4.2.7 allows remote attackers to inject an arbitrary script via unspecified vectors. | MEDIUM | Mar 10, 2021 | n/a |
| CVE-2018-0558 | Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors. | MEDIUM | Jun 26, 2018 | n/a |
| CVE-2022-38080 | Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | -- | Aug 24, 2022 | n/a |
| CVE-2020-5677 | Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | MEDIUM | Dec 3, 2020 | n/a |
| CVE-2023-22296 | Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allows a remote unauthenticated attacker to inject an arbitrary script. | -- | Jan 24, 2023 | n/a |
| CVE-2018-6659 | Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | LOW | Apr 3, 2018 | n/a |
| CVE-2021-22522 | Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data. | MEDIUM | Jul 22, 2021 | n/a |
| CVE-2020-13278 | Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET request. | MEDIUM | Aug 12, 2020 | n/a |
| CVE-2022-27637 | Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | -- | Aug 24, 2022 | n/a |
| CVE-2022-0181 | Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors. | MEDIUM | Jan 18, 2022 | n/a |
| CVE-2018-2383 | Reflected cross-site scripting vulnerability in SAP internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53. | MEDIUM | Feb 14, 2018 | n/a |
| CVE-2023-36492 | Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | -- | Sep 5, 2023 | n/a |
| CVE-2021-20725 | Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | MEDIUM | May 27, 2021 | n/a |
| CVE-2021-20724 | Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. | MEDIUM | May 27, 2021 | n/a |
| CVE-2022-21805 | Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | MEDIUM | Feb 11, 2022 | n/a |
| CVE-2022-22142 | Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | MEDIUM | Feb 11, 2022 | n/a |
| CVE-2023-39938 | Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script. | -- | Sep 5, 2023 | n/a |
| CVE-2023-22376 | Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer. | -- | Feb 14, 2023 | n/a |
| CVE-2020-5662 | Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | LOW | Nov 20, 2020 | n/a |
| CVE-2021-20723 | Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified vectors. | MEDIUM | May 28, 2021 | n/a |
| CVE-2015-5248 | Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | MEDIUM | Sep 20, 2017 | n/a |
| CVE-2022-27665 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. | -- | Apr 3, 2023 | n/a |
| CVE-2023-3034 | Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44 | -- | Jun 28, 2023 | n/a |
| CVE-2023-29455 | Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim\'s browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts. | -- | May 30, 2023 | n/a |
| CVE-2023-29457 | Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim\'s browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts. | -- | May 30, 2023 | n/a |
| CVE-2018-17301 | Reflected XSS exists in client/res/templates/global-search/name-field.tpl in EspoCRM 5.3.6 via /#Account in the search panel. | LOW | Sep 21, 2018 | n/a |
| CVE-2018-18782 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | MEDIUM | Oct 29, 2018 | n/a |
| CVE-2018-18579 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | MEDIUM | Oct 22, 2018 | n/a |
| CVE-2019-17409 | Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter. | -- | Oct 21, 2019 | n/a |
