ReportizFlow
Filtered by vendor
Subscriptions
Total
45117 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28363 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 6.1 Medium |
| Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process username parameter via GET. No authentication is required. | ||||
| CVE-2022-30519 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 6.1 Medium |
| XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field. | ||||
| CVE-2022-3415 | 1 Bluecoral | 1 Chat Bubble | 2025-04-30 | 6.1 Medium |
| The Chat Bubble WordPress plugin before 2.3 does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin view the related contact message | ||||
| CVE-2022-43569 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-04-30 | 8 High |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, an authenticated user can inject and store arbitrary scripts that can lead to persistent cross-site scripting (XSS) in the object name of a Data Model. | ||||
| CVE-2022-43754 | 2 Suse, Uyuni-project | 2 Manager Server, Uyuni | 2025-04-30 | 2.6 Low |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spacewalk/Uyuni of SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Linux Enterprise Module for SUSE Manager Server 4.3, SUSE Manager Server 4.2 allows remote attackers to embed Javascript code via /rhn/audit/scap/Search.do This issue affects: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 hub-xmlrpc-api-0.7-150300.3.9.2, inter-server-sync-0.2.4-150300.8.25.2, locale-formula-0.3-150300.3.3.2, py27-compat-salt-3000.3-150300.7.7.26.2, python-urlgrabber-3.10.2.1py2_3-150300.3.3.2, spacecmd-4.2.20-150300.4.30.2, spacewalk-backend-4.2.25-150300.4.32.4, spacewalk-client-tools-4.2.21-150300.4.27.3, spacewalk-java-4.2.43-150300.3.48.2, spacewalk-utils-4.2.18-150300.3.21.2, spacewalk-web-4.2.30-150300.3.30.3, susemanager-4.2.38-150300.3.44.3, susemanager-doc-indexes-4.2-150300.12.36.3, susemanager-docs_en-4.2-150300.12.36.2, susemanager-schema-4.2.25-150300.3.30.3, susemanager-sls versions prior to 4.2.28. SUSE Linux Enterprise Module for SUSE Manager Server 4.3 spacewalk-java versions prior to 4.3.39. SUSE Manager Server 4.2 release-notes-susemanager versions prior to 4.2.10. | ||||
| CVE-2015-4582 | 1 Thecartpress | 1 Boot Store | 2025-04-30 | 7.2 High |
| The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. NOTE: CVE-2015-4582 is not assigned to any Oracle product. | ||||
| CVE-2024-13874 | 1 Feedify | 1 Web Push Notifications | 2025-04-30 | 7.1 High |
| The Feedify WordPress plugin before 2.4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-25776 | 1 Codeastro | 1 Bus Ticket Booking System | 2025-04-30 | 5 Medium |
| Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing. | ||||
| CVE-2024-5920 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-30 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write Panorama administrator to push a specially crafted configuration to a PAN-OS node. This enables impersonation of a legitimate PAN-OS administrator who can perform restricted actions on the PAN-OS node after the execution of JavaScript in the legitimate PAN-OS administrator's browser. | ||||
| CVE-2025-0627 | 1 Taxopress | 1 Taxopress | 2025-04-30 | 3.5 Low |
| The WordPress Tag, Category, and Taxonomy Manager WordPress plugin before 3.30.0 does not sanitise and escape some of its Widgets settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-45387 | 1 Jenkins | 1 Bart | 2025-04-30 | 5.4 Medium |
| Jenkins BART Plugin 1.0.3 and earlier does not escape the parsed content of build logs before rendering it on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. | ||||
| CVE-2022-43119 | 1 Csphere | 1 Clansphere | 2025-04-30 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter. | ||||
| CVE-2021-25926 | 1 Sickrage | 1 Sickrage | 2025-04-30 | 6.1 Medium |
| In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user. | ||||
| CVE-2021-25925 | 1 Sickrage | 1 Sickrage | 2025-04-30 | 5.4 Medium |
| in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information. | ||||
| CVE-2021-25921 | 1 Open-emr | 1 Openemr | 2025-04-30 | 5.4 Medium |
| In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin to enter a malicious payload and by that initiate the exploit. | ||||
| CVE-2021-25919 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
| CVE-2021-25918 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
| CVE-2021-25917 | 1 Open-emr | 1 Openemr | 2025-04-30 | 4.8 Medium |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | ||||
| CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2025-04-30 | 6.1 Medium |
| SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | ||||
| CVE-2025-3823 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-30 | 2.4 Low |
| A vulnerability classified as problematic has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file add-stock.php. The manipulation of the argument txttotalcost/txtproductID/txtprice/txtexpirydate leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||