Search Results (43913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24127 | 1 Typemill | 1 Typemill | 2026-02-02 | 5.4 Medium |
| Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2. | ||||
| CVE-2025-27924 | 1 Nintex | 1 Automation | 2026-01-30 | 5.4 Medium |
| Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action. | ||||
| CVE-2024-24506 | 1 Limesurvey | 1 Limesurvey | 2026-01-30 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817, allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function. | ||||
| CVE-2023-33940 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-30 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL. | ||||
| CVE-2023-33939 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-30 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label. | ||||
| CVE-2023-33944 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-30 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field. | ||||
| CVE-2023-33943 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2026-01-30 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field. | ||||
| CVE-2025-13505 | 1 Datateam | 1 Datactive | 2026-01-30 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Datateam Information Technologies Inc. Datactive allows Stored XSS. This issue affects Datactive: from 2.13.34 before 2.14.0.6. | ||||
| CVE-2023-50836 | 1 Linksoftwarellc | 1 Html Forms | 2026-01-30 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.3.28. | ||||
| CVE-2024-6243 | 1 Linksoftwarellc | 1 Html Forms | 2026-01-30 | 4.8 Medium |
| The HTML Forms WordPress plugin before 1.3.33 does not sanitize and escape the form message inputs, allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disabled. | ||||
| CVE-2025-46236 | 1 Linksoftwarellc | 1 Html Forms | 2026-01-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2. | ||||
| CVE-2026-21642 | 2 Aquaplatform, Revive | 2 Revive Adserver, Adserver | 2026-01-30 | N/A |
| HackerOne community member Patrick Lang (7yr) has reported a reflected XSS vulnerability in the `banner-acl.php` and `channel-acl.php` scripts of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent to the browser and malicious scripts would be executed. | ||||
| CVE-2025-67263 | 1 Abacre | 1 Retail Point Of Sale | 2026-01-30 | 6.1 Medium |
| Abacre Retail Point of Sale 14.0.0.396 is affected by a stored cross-site scripting (XSS) vulnerability in the Clients module. The application fails to properly sanitize user-supplied input stored in the Name and Surname fields. An attacker can insert malicious HTML or script content into these fields, which is persisted in the database. | ||||
| CVE-2021-47768 | 2 Cleidigh, Thundernest | 2 Importexporttools Ng, Importexporttools Ng | 2026-01-30 | 6.1 Medium |
| ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials. | ||||
| CVE-2026-20075 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2026-01-30 | 4.8 Medium |
| A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the interface of an affected system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious code into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker must have valid administrative credentials. | ||||
| CVE-2025-67025 | 1 Anycomment | 2 Anycomment, Anycomment.io | 2026-01-30 | 6.1 Medium |
| Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to execute arbitrary code via the Anycomment comment section. | ||||
| CVE-2025-63045 | 2 Averta, Wordpress | 2 Master Slider Pro, Wordpress | 2026-01-30 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider Pro masterslider allows DOM-Based XSS. This issue affects Master Slider Pro: from n/a through <= 3.7.12. | ||||
| CVE-2026-23645 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-01-30 | 6.1 Medium |
| SiYuan is self-hosted, open source personal knowledge management software. Prior to 3.5.4-dev2, a Stored Cross-Site Scripting (XSS) vulnerability exists in SiYuan Note. The application does not sanitize uploaded SVG files. If a user uploads and views a malicious SVG file (e.g., imported from an untrusted source), arbitrary JavaScript code is executed in the context of their authenticated session. This vulnerability is fixed in 3.5.4-dev2. | ||||
| CVE-2025-40700 | 2 Idi Eikon, Idieikon | 2 Governalia, Governalia | 2026-01-30 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) in IDI Eikon's Governalia. The vulnerability allows an attacker to execute JavaScript code in the victim's browser when a malicious URL with the 'q' parameter in '/search' is sent to them. This vulnerability can be exploited to steal sensitive information such as session cookies or to perform actions on behalf of the victim. | ||||
| CVE-2026-21624 | 2 Joomla, Stackideas | 3 Joomla, Joomla!, Easydiscuss | 2026-01-30 | 5.4 Medium |
| Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla. | ||||