Vulnerabilities (CVE)

Filtered by CWE-79
Total 36814 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-28102 1 Dogukanurker 1 Flaskblog 2025-06-23 N/A 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost.
CVE-2024-24136 1 Remyandrade 1 Math Game 2025-06-20 N/A 6.1 MEDIUM
The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.
CVE-2024-23905 1 Jenkins 1 Red Hat Dependency Analytics 2025-06-20 N/A 5.4 MEDIUM
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
CVE-2024-23183 1 Appleple 1 A-blog Cms 2025-06-20 N/A 5.4 MEDIUM
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.
CVE-2024-23181 1 Appleple 1 A-blog Cms 2025-06-20 N/A 6.1 MEDIUM
Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.
CVE-2024-23032 1 Eyoucms 1 Eyoucms 2025-06-20 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.
CVE-2024-22635 1 Webcalendar Project 1 Webcalendar 2025-06-20 N/A 6.1 MEDIUM
WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.
CVE-2024-22570 1 Njtech 1 Greencms 2025-06-20 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2023-7089 1 Benjaminzekavica 1 Easy Svg Support 2025-06-20 N/A 5.4 MEDIUM
The Easy SVG Allow WordPress plugin through 1.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.
CVE-2023-6278 1 Biteship 1 Biteship 2025-06-20 N/A 6.1 MEDIUM
The Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo WordPress plugin before 2.2.25 does not sanitise and escape the biteship_error and biteship_message parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-37571 1 Softing 1 Th Scope 2025-06-20 N/A 6.1 MEDIUM
Softing TH SCOPE through 3.70 allows XSS.
CVE-2023-33758 1 Splicecom 1 Maximiser Soft Pbx 2025-06-20 N/A 6.1 MEDIUM
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the CLIENT_NAME and DEVICE_GUID fields in the login component.
CVE-2021-43635 1 Codexnotes 1 Codex 2025-06-20 4.3 MEDIUM 6.1 MEDIUM
A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file.
CVE-2024-22549 1 Flycms Project 1 Flycms 2025-06-20 N/A 5.4 MEDIUM
FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.
CVE-2024-0606 1 Mozilla 1 Firefox Focus 2025-06-20 N/A 6.1 MEDIUM
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.
CVE-2023-52330 1 Trendmicro 1 Apex One 2025-06-20 N/A 6.1 MEDIUM
A cross-site scripting vulnerability in Trend Micro Apex Central could allow a remote attacker to execute arbitrary code on affected installations of Trend Micro Apex Central. Please note: user interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2023-52326 1 Trendmicro 1 Apex Central 2025-06-20 N/A 6.1 MEDIUM
Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. Please note this vulnerability is similar, but not identical to CVE-2023-52327.
CVE-2023-51946 1 Actidata 2 Actinas Sl 2u-8 Rdx, Actinas Sl 2u-8 Rdx Firmware 2025-06-20 N/A 6.1 MEDIUM
Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.
CVE-2023-41176 1 Trendmicro 1 Mobile Security 2025-06-20 N/A 6.1 MEDIUM
Reflected cross-site scripting (XSS) vulnerabilities in Trend Micro Mobile Security (Enterprise) could allow an exploit against an authenticated victim that visits a malicious link provided by an attacker. Please note, this vulnerability is similar to, but not identical to, CVE-2023-41177.
CVE-2024-31651 1 Oretnom23 1 Cosmetics And Beauty Product Online Store 2025-06-20 N/A 6.1 MEDIUM
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.