CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 8/8 • 871 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-05-03
Critical

CVE-2023-27335

Softing edgeAggregator Client Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeA…

CVSS: 9.6 CWE: CWE-79
Read more
2024-05-02
Critical

CVE-2024-4406

Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…

CVSS: 9.6 CWE: CWE-79
Read more
Critical

CVE-2024-4405

Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaom…

CVSS: 9.6 CWE: CWE-79
Read more
2024-04-23
Medium

CVE-2023-47731

IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed…

CVSS: 5.4 CWE: CWE-79
Read more
2024-04-09
Medium

CVE-2024-0873

The Watu Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'watu-basic-chart' shortcode in all versions up to, and including, 3.4.1 due to insufficient input san…

CVSS: 6.4 CWE: CWE-79
Read more
Medium

CVE-2024-27242

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.

CVSS: 4.1 CWE: CWE-79
Read more
2024-04-03
Medium

CVE-2024-20362

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct a cross-…

CVSS: 6.1 CWE: CWE-80
Read more
Medium

CVE-2024-20310

A vulnerability in the web-based interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a cross-site scri…

CVSS: 6.1 CWE: CWE-23
Read more
2024-03-26
High

CVE-2023-33322

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Front End Users allows Reflected XSS.This issue affects Front End Users: from n…

CVSS: 7.1 CWE: CWE-79
Read more
2024-03-13
High

CVE-2024-1935

The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parent_url’ pa…

CVSS: 7.2 CWE: CWE-79
Read more
2024-03-06
Medium

CVE-2024-20346

A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a…

CVSS: 5.4 CWE: CWE-79
Read more
2024-03-01
Medium

CVE-2024-27499

Bagisto v1.5.1 is vulnerable for Cross site scripting(XSS) via png file upload vulnerability in product review option.

CVSS: 6.5 CWE: CWE-79
Read more
2024-02-29
Medium

CVE-2024-1242

The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient i…

CVSS: 6.4 CWE: CWE-79
Read more
2023-07-11
High

CVE-2023-36390

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1…

CVSS: 8.8 CWE: CWE-79
Read more
2023-05-26
Medium

CVE-2023-20868

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

CVSS: 6.1 CWE: CWE-79
Read more
2022-07-15
Medium

CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the…

CVSS: 4.2 CWE: CWE-79
Read more
2022-05-25
Medium

CVE-2022-29362

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Paren…

CVSS: 5.4 CWE: CWE-79
Read more
2022-04-21
Medium

CVE-2022-27926

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web scrip…

CVSS: 6.1 CWE: CWE-79
Read more
2022-03-08
Critical

CVE-2021-37208

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDC…

CVSS: 9.6 CWE: CWE-79
Read more
2021-06-16
Medium

CVE-2021-1395

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a use…

CVSS: 4.7 CWE: CWE-79
Read more
2021-04-08
Medium

CVE-2021-1463

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack agai…

CVSS: 6.1 CWE: CWE-79
Read more
2021-04-05
Medium

CVE-2021-24211

The WordPress Related Posts plugin through 3.6.4 contains an authenticated (admin+) stored XSS vulnerability in the title field on the settings page. By exploiting that an attacker will be able to ex…

CVSS: 5.4 CWE: CWE-79
Read more
2021-01-13
Medium

CVE-2021-1130

A vulnerability in the web-based management interface of Cisco DNA Center software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the i…

CVSS: 4.8 CWE: CWE-79
Read more
2020-08-26
Medium

CVE-2020-3466

Multiple vulnerabilities in the web-based management interface of Cisco DNA Center software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us…

CVSS: 6.1 CWE: CWE-79
Read more
2020-02-05
Medium

CVE-2019-15253

A vulnerability in the web-based management interface of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) a…

CVSS: 4.8 CWE: CWE-79
Read more
2019-08-20
Medium

CVE-2017-18524

The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.

CVSS: 6.1 CWE: CWE-79
Read more
2019-03-11
Medium

CVE-2019-1707

A vulnerability in the web-based management interface of Cisco DNA Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based…

CVSS: 5.4 CWE: CWE-79
Read more
2019-02-07
Medium

CVE-2019-1670

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack agai…

CVSS: 6.1 CWE: CWE-79
Read more
2018-03-27
Medium

CVE-2018-6882

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers…

CVSS: 6.1 CWE: CWE-79
Read more
2017-09-21
Medium

CVE-2017-12254

A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. T…

CVSS: 6.1 CWE: CWE-79
Read more
Medium

CVE-2017-12248

A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o…

CVSS: 6.1 CWE: CWE-79
Read more