
CVSS: 4.3 • EPSS: % • CPEs: - • EXPL: 0

VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker-controlled domain, leading to sensitive information disclosure. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.0 • EPSS: % • CPEs: - • EXPL: 0

There are a variety of Cross-site Scripting issues, though all of them require elevated permissions. • https://github.com/miraheze/IncidentReporting/commit/43896a47de4e05ac94ec0472c220da944da16c5c • https://github.com/miraheze/IncidentReporting/security/advisories/GHSA-9p36-hrmr-98r9 • https://issue-tracker.miraheze.org/T12702 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 6.0 • EPSS: % • CPEs: - • EXPL: 0

Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. ... This causes the XSS to be virtually useless as users with those rights can already edit JavaScript pages. • https://github.com/miraheze/ImportDump/commit/d054b9529129af79d4426df24faa80014cb16602 • https://github.com/miraheze/ImportDump/security/advisories/GHSA-465h-45v4-6fx9 • https://issue-tracker.miraheze.org/T12698 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 7.0 • EPSS: % • CPEs: 1 • EXPL: 0

A reflected XSS vulnerability in Palo Alto Networks Expedition enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft. • https://security.paloaltonetworks.com/PAN-SA-2024-0010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: % • CPEs: 1 • EXPL: 0

The Maximum Products per User for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.2.8. • source=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')