Export limit exceeded: 44457 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44457 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58318 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via the rich text editor component for page and form builders. Attackers can exploit this vulnerability by entering malicious URIs, potentially allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2023-53920 | 1 Podcastgenerator | 1 Podcast Generator | 2025-12-30 | 5.4 Medium |
| PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the podcast title field accessible through the podcast details interface (podcast_details.php). Malicious JavaScript payloads injected into the podcast title execute when users visit the application's home page. | ||||
| CVE-2023-53919 | 1 Podcastgenerator | 1 Podcast Generator | 2025-12-30 | 5.4 Medium |
| PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the Freebox content field accessible through the theme customization interface (theme_freebox.php). Malicious JavaScript payloads injected into the Freebox content execute when users visit the application's home page. | ||||
| CVE-2023-53918 | 1 Podcastgenerator | 1 Podcast Generator | 2025-12-30 | 6.1 Medium |
| PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface (episodes_upload.php). Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page (episodes_list.php). | ||||
| CVE-2023-53911 | 1 Textpattern | 1 Textpattern | 2025-12-30 | 5.4 Medium |
| Textpattern CMS 4.8.8 contains a stored cross-site scripting vulnerability in the article excerpt field that allows authenticated users to inject malicious scripts. Attackers can insert JavaScript payloads into the excerpt, which will execute when the article is viewed by other users. | ||||
| CVE-2023-53738 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via page preview URLs. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers during page preview interactions. | ||||
| CVE-2023-53737 | 1 Kentico | 1 Xperience | 2025-12-30 | 4.8 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts of the administration interface. | ||||
| CVE-2023-53736 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts in the administration interface. Attackers can exploit this vulnerability to execute arbitrary scripts within the administrative context. | ||||
| CVE-2022-50685 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows authenticated users to inject malicious scripts via XML file uploads as page attachments or metafiles. Attackers can upload malicious XML files that enable stored XSS, allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2022-50684 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security. | ||||
| CVE-2022-50683 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form redirect URL configuration. This allows malicious scripts to execute in users' browsers through unvalidated form configuration settings. | ||||
| CVE-2022-50681 | 1 Kentico | 1 Xperience | 2025-12-30 | 6.1 Medium |
| A reflected cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via administration input fields in the Rich text editor component. Attackers can exploit this vulnerability to execute arbitrary scripts in users' browsers. | ||||
| CVE-2022-50680 | 1 Kentico | 1 Xperience | 2025-12-30 | 4.8 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows administration users to inject malicious scripts via email marketing templates. Attackers can exploit this vulnerability to execute malicious scripts that could compromise user browsers and steal sensitive information. | ||||
| CVE-2020-36891 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to upload files with spoofed Content-Type that do not match file extensions. Attackers can exploit this vulnerability by uploading malicious files with manipulated MIME types, allowing malicious scripts to execute in users' browsers. | ||||
| CVE-2020-36889 | 1 Kentico | 1 Xperience | 2025-12-30 | 5.4 Medium |
| A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via error messages containing specially crafted object names. This allows malicious scripts to execute in users' browsers when administrators view error messages in the administration interface. | ||||
| CVE-2024-35655 | 2 Brave, Getbrave | 2 Brave Popup Builder, Brave | 2025-12-30 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS.This issue affects Brave Popup Builder: from n/a through 0.6.9. | ||||
| CVE-2023-32120 | 1 Wordpress | 1 Wordpress | 2025-12-29 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1. | ||||
| CVE-2019-25233 | 1 Ave | 1 Dominaplus | 2025-12-29 | 5.3 Medium |
| AVE DOMINAplus 1.10.x contains cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to exploit login.php parameters and execute arbitrary scripts in user browser sessions. | ||||
| CVE-2025-15149 | 2025-12-29 | 2.4 Low | ||
| A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument productName leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-52552 | 1 Fastgpt | 1 Fastgpt | 2025-12-29 | 6.1 Medium |
| FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12. | ||||