The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-13183 | Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user\'s active session if the user is exposed to a malicious payload. | MEDIUM | Aug 21, 2020 | n/a |
| CVE-2019-3638 | Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator\'s credentials via tricking the administrator to click on a carefully constructed malicious link. | Medium | Sep 13, 2019 | n/a |
| CVE-2020-25832 | Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. | LOW | Nov 19, 2020 | n/a |
| CVE-2018-18991 | Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim\'s browser. | MEDIUM | Dec 6, 2018 | n/a |
| CVE-2015-6462 | Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC client browser. | LOW | Mar 21, 2019 | n/a |
| CVE-2023-3466 | Reflected Cross-Site Scripting (XSS) | -- | Jul 20, 2023 | n/a |
| CVE-2018-12654 | Reflected Cross-Site Scripting (XSS) exists in the Bibliography module in SLiMS 8 Akasia 8.3.1 via an admin/modules/bibliography/index.php?keywords= URI. | MEDIUM | Jun 22, 2018 | n/a |
| CVE-2018-12655 | Reflected Cross-Site Scripting (XSS) exists in the Circulation module in SLiMS 8 Akasia 8.3.1 via an admin/modules/circulation/loan_rules.php?keywords= URI, a related issue to CVE-2017-7242. | MEDIUM | Jun 22, 2018 | n/a |
| CVE-2018-12657 | Reflected Cross-Site Scripting (XSS) exists in the Master File module in SLiMS 8 Akasia 8.3.1 via an admin/modules/master_file/rda_cmc.php?keywords= URI. | MEDIUM | Jun 22, 2018 | n/a |
| CVE-2018-12656 | Reflected Cross-Site Scripting (XSS) exists in the Membership module in SLiMS 8 Akasia 8.3.1 via an admin/modules/membership/index.php?keywords= URI. | MEDIUM | Jun 22, 2018 | n/a |
| CVE-2018-12658 | Reflected Cross-Site Scripting (XSS) exists in the Stock Take module in SLiMS 8 Akasia 8.3.1 via an admin/modules/stock_take/index.php?keywords= URI. | MEDIUM | Jun 22, 2018 | n/a |
| CVE-2022-48197 | Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | -- | Jan 2, 2023 | n/a |
| CVE-2023-41178 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41176. | -- | Jan 23, 2024 | n/a |
| CVE-2023-41176 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177. | -- | Jan 23, 2024 | n/a |
| CVE-2023-41177 | Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41178. | -- | Jan 23, 2024 | n/a |
| CVE-2018-6226 | Reflected cross-site scripting (XSS) vulnerabilities in two Trend Micro Email Encryption Gateway 5.5 configuration files could allow an attacker to inject client-side scripts into vulnerable systems. | LOW | Mar 16, 2018 | n/a |
| CVE-2022-38162 | Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. | -- | Oct 25, 2022 | n/a |
| CVE-2022-25601 | Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). | MEDIUM | Mar 11, 2022 | n/a |
| CVE-2022-33978 | Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress. | -- | Oct 13, 2022 | n/a |
| CVE-2022-40968 | Reflected Cross-Site Scripting (XSS) vulnerability in 2kb Amazon Affiliates Store plugin <=2.1.5 on WordPress. | -- | Dec 4, 2022 | n/a |
| CVE-2022-29421 | Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat\'s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. | MEDIUM | May 6, 2022 | n/a |
| CVE-2022-47145 | Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions. | -- | Mar 24, 2023 | n/a |
| CVE-2022-25617 | Reflected Cross-Site Scripting (XSS) vulnerability in Code Snippets plugin <= 2.14.3 at WordPress via &orderby vulnerable parameter. | MEDIUM | May 18, 2022 | n/a |
| CVE-2022-45837 | Reflected Cross-Site Scripting (XSS) vulnerability in Denis ???????? plugin <= 6.0.1 versions. | -- | Apr 25, 2023 | n/a |
| CVE-2024-30884 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | -- | Apr 11, 2024 | n/a |
| CVE-2023-46448 | Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images. | -- | Nov 2, 2023 | n/a |
| CVE-2022-47592 | Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions. | -- | Mar 23, 2023 | n/a |
| CVE-2022-0986 | Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. | MEDIUM | Mar 17, 2022 | n/a |
| CVE-2023-23677 | Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions. | -- | Mar 31, 2023 | n/a |
| CVE-2024-30885 | Reflected Cross-Site Scripting (XSS) vulnerability in HadSky v7.6.3, allows remote attackers to execute arbitrary code and obtain sensitive information via the chklogin.php component . | -- | Apr 11, 2024 | n/a |
| CVE-2023-22718 | Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions. | -- | Apr 24, 2023 | n/a |
| CVE-2019-3911 | Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | Medium | Jan 31, 2019 | n/a |
| CVE-2023-22682 | Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. | -- | Mar 23, 2023 | n/a |
| CVE-2023-22704 | Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions. | -- | Mar 23, 2023 | n/a |
| CVE-2022-47591 | Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. | -- | Mar 20, 2023 | n/a |
| CVE-2020-14210 | Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to response to Request URL information when blocking. | MEDIUM | Jun 17, 2020 | n/a |
| CVE-2023-49453 | Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. | -- | Mar 12, 2024 | n/a |
| CVE-2021-45416 | Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | MEDIUM | Feb 4, 2022 | n/a |
| CVE-2022-34857 | Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | -- | Aug 23, 2022 | n/a |
| CVE-2018-10727 | Reflected Cross-Site Scripting (XSS) vulnerability in the fabrik_referrer hidden field in the Fabrikar Fabrik component through v3.8.1 for Joomla! allows remote attackers to inject arbitrary web script via the HTTP Referer header. | MEDIUM | Oct 31, 2019 | n/a |
| CVE-2023-40191 | Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field | -- | Feb 21, 2024 | n/a |
| CVE-2023-42498 | Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter. | -- | Feb 21, 2024 | n/a |
| CVE-2022-47431 | Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions. | -- | Mar 23, 2023 | n/a |
| CVE-2023-24404 | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | -- | Apr 24, 2023 | n/a |
| CVE-2024-29271 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. | -- | Mar 22, 2024 | n/a |
| CVE-2021-36869 | Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post. | MEDIUM | Oct 22, 2021 | n/a |
| CVE-2017-7271 | Reflected Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen. | MEDIUM | Mar 27, 2017 | n/a |
| CVE-2022-38467 | Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | -- | Jan 14, 2023 | n/a |
| CVE-2023-47797 | Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter. | -- | Nov 23, 2023 | n/a |
| CVE-2023-42496 | Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter. | -- | Feb 21, 2024 | n/a |
