Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-7552

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 Jun, 2019 | 15:36
Updated At-04 Aug, 2024 | 20:54
Rejected At-
Credits

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 Jun, 2019 | 15:36
Updated At:04 Aug, 2024 | 20:54
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.phpscriptsmall.com/product/investment-mlm/
x_refsource_MISC
https://securityhitlist.blogspot.com/2019/02/cve-2019-7552-php-scripts-mall.html
x_refsource_MISC
Hyperlink: https://www.phpscriptsmall.com/product/investment-mlm/
Resource:
x_refsource_MISC
Hyperlink: https://securityhitlist.blogspot.com/2019/02/cve-2019-7552-php-scripts-mall.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.phpscriptsmall.com/product/investment-mlm/
x_refsource_MISC
x_transferred
https://securityhitlist.blogspot.com/2019/02/cve-2019-7552-php-scripts-mall.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.phpscriptsmall.com/product/investment-mlm/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://securityhitlist.blogspot.com/2019/02/cve-2019-7552-php-scripts-mall.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 Jun, 2019 | 16:29
Updated At:21 Apr, 2020 | 17:52

An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
investment_mlm_software_project
investment_mlm_software_project
>>investment_mlm_software>>2.0.2
cpe:2.3:a:investment_mlm_software_project:investment_mlm_software:2.0.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://securityhitlist.blogspot.com/2019/02/cve-2019-7552-php-scripts-mall.htmlcve@mitre.org
Exploit
Third Party Advisory
https://www.phpscriptsmall.com/product/investment-mlm/cve@mitre.org
Third Party Advisory
Hyperlink: https://securityhitlist.blogspot.com/2019/02/cve-2019-7552-php-scripts-mall.html
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.phpscriptsmall.com/product/investment-mlm/
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

12514Records found
CVE-2023-23892
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 13:48
Updated-09 Jan, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin <= 1.9.4 versions.

Action-Not Available
Vendor-m_chart_projectJamie Poitra
Product-m_chartM Chart
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23699
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-29 May, 2023 | 14:00
Updated-02 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Progress Bar Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions.

Action-Not Available
Vendor-progress_bar_projectChris Reynolds
Product-progress_barProgress Bar
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23999
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 10:14
Updated-09 Jan, 2025 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Google Analytics by Monster Insights Plugin <= 8.14.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.

Action-Not Available
Vendor-MonsterInsights, LLC
Product-google_analytics_dashboardMonsterInsights
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23949
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-8.1||HIGH
EPSS-0.51% / 65.31%
||
7 Day CHG~0.00%
Published-24 Jan, 2023 | 00:00
Updated-02 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-symantec_identity_managersymantec_identity_governance_and_administrationSymantec Identity Management And Governance
CWE ID-CWE-779
Logging of Excessive Data
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2219
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.12% / 31.89%
||
7 Day CHG~0.00%
Published-02 Jul, 2020 | 14:55
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability.

Action-Not Available
Vendor-Jenkins
Product-link_columnJenkins Link Column Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24181
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 27.23%
||
7 Day CHG~0.00%
Published-10 Apr, 2023 | 00:00
Updated-11 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.

Action-Not Available
Vendor-n/aOpenWrt
Product-lucin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1504
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.34% / 55.66%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

Action-Not Available
Vendor-n/aLiferay Inc.
Product-portaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.02%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 16:18
Updated-22 Apr, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).

Action-Not Available
Vendor-n/aSourceCodester
Product-simple_customer_relationship_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24378
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.11%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 13:48
Updated-10 Jan, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Glossary Plugin <= 2.1.27 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions.

Action-Not Available
Vendor-codeatCodeat
Product-glossaryGlossary
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23885
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 11:46
Updated-10 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.

Action-Not Available
Vendor-fullworkspluginsFullworks
Product-quick_contact_formQuick Contact Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-33209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.64% / 69.55%
||
7 Day CHG~0.00%
Published-02 Oct, 2024 | 00:00
Updated-14 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FlatPress v1.3 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript code into the "Add New Entry" section, which allows them to execute arbitrary code in the context of a victim's web browser.

Action-Not Available
Vendor-flatpressn/a
Product-flatpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16631
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.96%
||
7 Day CHG~0.00%
Published-04 Dec, 2018 | 16:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter.

Action-Not Available
Vendor-intelliantsn/a
Product-subrion_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2343
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.2||MEDIUM
EPSS-0.00% / 0.01%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-30 Jan, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - DOM in pimcore/pimcore

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23880
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 11:23
Updated-25 Sep, 2024 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ExactMetrics Plugin <= 7.14.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.

Action-Not Available
Vendor-ExactMetricsMonsterInsights, LLC
Product-exactmetricsExactMetrics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2328
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.2||MEDIUM
EPSS-0.00% / 0.05%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Generic in pimcore/pimcore

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23878
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.05% / 15.31%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 11:38
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Google Map Plugin Plugin <= 4.3.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.

Action-Not Available
Vendor-wepluginsflippercode
Product-wp_mapsWordPress Plugin for Google Maps – WP MAPS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23977
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 12:56
Updated-19 Feb, 2025 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Heateor Social Comments Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.

Action-Not Available
Vendor-Heateor
Product-social_commentsWordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23708
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 12:27
Updated-19 Feb, 2025 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Visualizer Plugin <= 3.9.4 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions.

Action-Not Available
Vendor-ThemeisleThemeisle
Product-visualizerVisualizer: Tables and Charts Manager for WordPress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 10:14
Updated-25 Sep, 2024 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.

Action-Not Available
Vendor-wpazureWpazure Themes
Product-upfrontwpUpfrontwp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23641
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 09:18
Updated-10 Oct, 2024 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.

Action-Not Available
Vendor-wpmanageWPmanage
Product-uji_popupUji Popup
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23876
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-03 May, 2023 | 13:12
Updated-09 Jan, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpDataTables Plugin <= 2.1.49 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions.

Action-Not Available
Vendor-tms-outsourceTMS-Plugins
Product-wpdatatableswpDataTables
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.21% / 43.25%
||
7 Day CHG~0.00%
Published-14 Feb, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_team_concertn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.25% / 48.40%
||
7 Day CHG~0.00%
Published-21 Jun, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.

Action-Not Available
Vendor-simplemachinesn/a
Product-smfn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23889
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 19:24
Updated-09 Jan, 2025 | 15:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.

Action-Not Available
Vendor-fullworkspluginsFullworks
Product-quick_paypal_paymentsQuick Paypal Payments
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23717
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-23 Apr, 2023 | 10:12
Updated-10 Jan, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolio Slideshow Plugin <= 1.13.0 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions.

Action-Not Available
Vendor-portfolio_slideshow_projectGeorge Gecewicz
Product-portfolio_slideshowPortfolio Slideshow
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23898
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-06 Apr, 2023 | 10:08
Updated-10 Jan, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Blocksy Companion Plugin <= 1.8.67 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions.

Action-Not Available
Vendor-creativethemesCreativeThemes
Product-blocksy_companionBlocksy Companion
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23686
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 11:26
Updated-10 Jan, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Staff List Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.

Action-Not Available
Vendor-simple_staff_list_projectBrett Shumaker
Product-simple_staff_listSimple Staff List
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3307
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.4||MEDIUM
EPSS-0.21% / 42.99%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-28 Jan, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Action-Not Available
Vendor-HasTech IT Limited (HasThemes)
Product-ht_megaHT Mega – Absolute Addons For Elementor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23685
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.74%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 11:05
Updated-19 Feb, 2025 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Portfolio – WordPress Portfolio Plugin Plugin <= 2.8.10 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.

Action-Not Available
Vendor-radiusthemeRadiusTheme
Product-portfolioPortfolio – WordPress Portfolio Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16727
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.23%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 16:00
Updated-05 Aug, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component.

Action-Not Available
Vendor-razorcmsn/a
Product-razorcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.18% / 40.32%
||
7 Day CHG~0.00%
Published-30 Sep, 2009 | 15:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junosn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.38%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-18 Mar, 2025 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed in the background of the application and renders content inaccessible. 6.14 P3 (6.14.0.3) is also a fixed release.

Action-Not Available
Vendor-archerirmn/aarcher
Product-archern/aplatform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2342
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4||MEDIUM
EPSS-0.00% / 0.07%
||
7 Day CHG~0.00%
Published-27 Apr, 2023 | 00:00
Updated-31 Jan, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting (XSS) - Reflected in pimcore/pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.

Action-Not Available
Vendor-Pimcore
Product-pimcorepimcore/pimcore
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23856
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.05%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 03:15
Updated-20 Mar, 2025 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause a low impact on integrity of the application.

Action-Not Available
Vendor-SAP SE
Product-business_objects_business_intelligence_platformSAP BusinessObjects Business Intelligence (Web Intelligence UI)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-23831
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.57%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 13:40
Updated-02 Aug, 2024 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rating Widget Plugin <= 3.1.9 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rating-Widget Rating-Widget: Star Review System plugin <= 3.1.9 versions.

Action-Not Available
Vendor-rating-widgetRating-Widget
Product-ratingwidgetRating-Widget: Star Review System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34141
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.4||MEDIUM
EPSS-1.20% / 78.11%
||
7 Day CHG~0.00%
Published-25 Jun, 2024 | 08:50
Updated-07 Oct, 2024 | 12:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manageradobe_experience_manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22902
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.4||MEDIUM
EPSS-0.05% / 16.60%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openfind Mail2000 - XSS

Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.

Action-Not Available
Vendor-openfindOpenfind
Product-mail2000Mail2000
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-32576
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.57%
||
7 Day CHG~0.00%
Published-25 Aug, 2023 | 08:38
Updated-24 Sep, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Locatoraid Store Locator Plugin <= 3.9.18 is vulnerable to Cross Site Scripting (XSS)

Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.

Action-Not Available
Vendor-plainwairePlainware
Product-locatoraid_store_locatorLocatoraid Store Locator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2269
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 46.02%
||
7 Day CHG~0.00%
Published-16 Sep, 2020 | 13:20
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape view names in the dropdown to select views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to configure views.

Action-Not Available
Vendor-Jenkins
Product-chosen-views-tabbarJenkins chosen-views-tabbar Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22253
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.4||MEDIUM
EPSS-0.98% / 75.80%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AEM Reflected XSS Arbitrary code execution

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_manager_cloud_serviceexperience_managerExperience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2236
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 46.02%
||
7 Day CHG~0.00%
Published-12 Aug, 2020 | 13:25
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not escape tooltip content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users with Run/Update permission.

Action-Not Available
Vendor-Jenkins
Product-yet_another_build_visualizerJenkins Yet Another Build Visualizer Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22425
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 54.37%
||
7 Day CHG~0.00%
Published-24 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.

Action-Not Available
Vendor-ss-projSHIRASAGI Project
Product-shirasagiSHIRASAGI
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34090
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.43% / 61.64%
||
7 Day CHG~0.00%
Published-06 May, 2024 | 00:00
Updated-18 Mar, 2025 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site scripting (XSS) vulnerability. The login banner in the Archer Control Panel (ACP) did not previously escape content appropriately. 6.14 P3 (6.14.0.3) is also a fixed release.

Action-Not Available
Vendor-archerirmn/a
Product-archern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-34120
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.4||MEDIUM
EPSS-0.82% / 73.40%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 07:53
Updated-07 Oct, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Managerexperience_manager_cloud_service
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2325
Matching Score-4
Assigner-M-Files Corporation
ShareView Details
Matching Score-4
Assigner-M-Files Corporation
CVSS Score-7.3||HIGH
EPSS-0.08% / 24.62%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 06:39
Updated-28 Aug, 2024 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS Vulnerability in M-Files Classic Web

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.

Action-Not Available
Vendor-M-Files Oy
Product-classic_webM-Files Web
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22860
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 26.88%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 14:23
Updated-10 Mar, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cloud Pak for Business Automation cross-site scripting

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.

Action-Not Available
Vendor-IBM Corporation
Product-cloud_pak_for_business_automationCloud Pak for Business Automation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24445
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-9||CRITICAL
EPSS-1.09% / 77.03%
||
7 Day CHG~0.00%
Published-10 Dec, 2020 | 05:32
Updated-17 Sep, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting Vulnerability in Commenting Function of Adobe Experience Manager (AEM)

AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_manager_cloud_serviceexperience_managerExperience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22269
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-5.4||MEDIUM
EPSS-0.93% / 75.12%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AEM Reflected XSS Arbitrary code execution

Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_manager_cloud_serviceexperience_managerExperience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-2238
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 46.02%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 13:50
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the repository field on the 'Build with Parameters' page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Action-Not Available
Vendor-Jenkins
Product-git_parameterJenkins Git Parameter Plugin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23014
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.57% / 67.71%
||
7 Day CHG~0.00%
Published-22 Jan, 2021 | 20:44
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.

Action-Not Available
Vendor-apfell_projectn/a
Product-apfelln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 250
  • 251
  • Next
Details not found