
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2025 — Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low privileged attacker to execute arbitrary code in the context of the victim's browser session. • https://helpx.adobe.com/security/products/experience-manager/apsb24-69.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

04 Feb 2025 — The "NagVis" component within Checkmk is vulnerable to reflected cross-site scripting. • https://packetstorm.news/files/id/189008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2025 — In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. • https://github.com/discourse/discourse/security/advisories/GHSA-hw4j-4hg7-22h2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2025 — Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. • https://github.com/discourse/discourse/security/advisories/GHSA-j855-mhxj-x6vg • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Feb 2025 — IBM Security Verify Access Appliance and Container 10.0.0 through 10.0.8 is vulnerable to cross-site scripting. • https://www.ibm.com/support/pages/node/7182386 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2025 — Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. • https://cert.pl/en/posts/2025/02/CVE-2024-11623 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2025 — The TransFinanz WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/35b53a2d-9a8b-49e7-9553-ea09c9c50d66 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2025 — The WP Dream Carousel WordPress plugin through 1.0.1b does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/6425ccff-2e18-4498-b8b1-d493286efc7b •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2025 — The JustRows free WordPress plugin through 0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/b0360650-8c7a-4e17-8618-b5ef1c71ccbf •

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2025 — The Solidres WordPress plugin through 0.9.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin • https://wpscan.com/vulnerability/f923e557-dc3c-43b7-9545-9e92751c9783 •