Vulnerabilities (CVE)

Filtered by CWE-79
Total 37752 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44961 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 5.4 MEDIUM
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44960 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 5.4 MEDIUM
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-44955 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 5.4 MEDIUM
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the Chat function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Messages field.
CVE-2022-44954 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 5.4 MEDIUM
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /contacts/listcontacts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name field after clicking "Add".
CVE-2022-44953 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 5.4 MEDIUM
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add".
CVE-2022-44952 1 Rukovoditel 1 Rukovoditel 2025-04-24 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking "Add".
CVE-2022-44951 1 Rukovoditel 1 Rukovoditel 2025-04-24 N/A 5.4 MEDIUM
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-3709 1 Sophos 2 Xg Firewall, Xg Firewall Firmware 2025-04-24 N/A 6.8 MEDIUM
A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin import group wizard of Sophos Firewall releases older than version 19.5 GA.
CVE-2022-38803 1 Zkteco 1 Biotime 2025-04-24 N/A 6.8 MEDIUM
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via Leave, overtime, Manual log. An authenticated employee can read local files by exploiting XSS into a PDF generator when exporting data as a PDF.
CVE-2022-38802 1 Zkteco 1 Biotime 2025-04-24 N/A 6.2 MEDIUM
Zkteco BioTime < 8.5.3 Build:20200816.447 is vulnerable to Incorrect Access Control via resign, private message, manual log, time interval, attshift, and holiday. An authenticated administrator can read local files by exploiting XSS into a PDF generator when exporting data as a PDF.
CVE-2022-38801 1 Zkteco 1 Biotime 2025-04-24 N/A 5.4 MEDIUM
In Zkteco BioTime < 8.5.3 Build:20200816.447, an employee can hijack an administrator session and cookies using blind cross-site scripting.
CVE-2023-41425 1 Wondercms 1 Wondercms 2025-04-24 N/A 6.1 MEDIUM
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVE-2022-37926 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 N/A 5.5 MEDIUM
A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37925 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 N/A 6.1 MEDIUM
A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2024-41446 1 Alkacon 1 Opencms 2025-04-24 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function.
CVE-2024-42699 1 Alkacon 1 Opencms 2025-04-24 N/A 6.5 MEDIUM
Cross Site Scripting vulnerability in the Create/Modify article function in Alkacon OpenCMS 17.0 allows a remote attacker to inject a JavaScript payload via the image title sub-field in the image field.
CVE-2025-28121 1 Code-projects 1 Online Exam Mastering System 2025-04-24 N/A 6.1 MEDIUM
code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code.
CVE-2022-46391 3 Awstats, Debian, Fedoraproject 3 Awstats, Debian Linux, Fedora 2025-04-24 N/A 6.1 MEDIUM
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.
CVE-2025-3821 1 Senior-walter 1 Web-based Pharmacy Product Management System 2025-04-24 3.3 LOW 2.4 LOW
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3822 1 Senior-walter 1 Web-based Pharmacy Product Management System 2025-04-24 3.3 LOW 2.4 LOW
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.