ReportizFlow
Filtered by vendor
Subscriptions
Total
45117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21419 | 1 Microsoft | 1 Dynamics 365 | 2025-05-03 | 7.6 High |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2024-29049 | 1 Microsoft | 1 Edge Chromium | 2025-05-03 | 4.1 Medium |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | ||||
| CVE-2024-26251 | 1 Microsoft | 1 Sharepoint Server | 2025-05-03 | 6.8 Medium |
| Microsoft SharePoint Server Spoofing Vulnerability | ||||
| CVE-2024-30048 | 1 Microsoft | 1 Dynamics 365 Customer Insights | 2025-05-03 | 7.6 High |
| Dynamics 365 Customer Insights Spoofing Vulnerability | ||||
| CVE-2024-30047 | 1 Microsoft | 1 Dynamics 365 Customer Insights | 2025-05-03 | 7.6 High |
| Dynamics 365 Customer Insights Spoofing Vulnerability | ||||
| CVE-2024-30053 | 1 Microsoft | 1 Azure Migrate | 2025-05-03 | 6.5 Medium |
| Azure Migrate Cross-Site Scripting Vulnerability | ||||
| CVE-2022-43982 | 1 Apache | 1 Airflow | 2025-05-03 | 6.1 Medium |
| In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. | ||||
| CVE-2022-43670 | 1 Apache | 1 Sling Cms | 2025-05-03 | 5.4 Medium |
| An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.0 and prior may allow an authenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the taxonomy management feature. | ||||
| CVE-2022-40840 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2025-05-03 | 6.1 Medium |
| ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php. | ||||
| CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-03 | 5.4 Medium |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." | ||||
| CVE-2021-46846 | 2 Hp, Hpe | 45 3par Service Processor, Apollo R2000 Chassis, Integrated Lights-out 5 Firmware and 42 more | 2025-05-02 | 6.4 Medium |
| Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5. | ||||
| CVE-2021-38351 | 1 Outsidesource | 1 Osd Subscribe | 2025-05-02 | 6.1 Medium |
| The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. | ||||
| CVE-2021-38350 | 1 Spideranalyse Project | 1 Spideranalyse | 2025-05-02 | 6.1 Medium |
| The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. | ||||
| CVE-2021-38352 | 1 Feedify | 1 Web Push Notifications | 2025-05-02 | 6.1 Medium |
| The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. | ||||
| CVE-2021-38333 | 1 Wp Scrippets Project | 1 Wp Scrippets | 2025-05-02 | 6.1 Medium |
| The WP Scrippets WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/wp-scrippets.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.1. | ||||
| CVE-2021-38331 | 1 Wp-t-wap Project | 1 Wp-t-wap | 2025-05-02 | 6.1 Medium |
| The WP-T-Wap WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the posted parameter found in the ~/wap/writer.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.13.2. | ||||
| CVE-2021-38338 | 1 Border Loading Bar Project | 1 Border Loading Bar | 2025-05-02 | 6.1 Medium |
| The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | ||||
| CVE-2021-38328 | 1 Notices Project | 1 Notices | 2025-05-02 | 6.1 Medium |
| The Notices WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/notices.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. | ||||
| CVE-2021-38329 | 1 Dj Emailpublish Project | 1 Dj Emailpublish | 2025-05-02 | 6.1 Medium |
| The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2. | ||||
| CVE-2022-41679 | 1 Formalms | 1 Formalms | 2025-05-02 | 4.7 Medium |
| Forma LMS version 3.1.0 and earlier are affected by an Cross-Site scripting vulnerability, that could allow a remote attacker to inject javascript code on the “back_url” parameter in appLms/index.php?modname=faq&op=play function. The exploitation of this vulnerability could allow an attacker to steal the user´s cookies in order to log in to the application. | ||||