Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-25137

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-25 Sep, 2020 | 16:28
Updated At-04 Aug, 2024 | 15:26
Rejected At-
Credits

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:25 Sep, 2020 | 16:28
Updated At:04 Aug, 2024 | 15:26
Rejected At:
▼CVE Numbering Authority (CNA)

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8
x_refsource_MISC
Hyperlink: https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8
x_refsource_MISC
x_transferred
Hyperlink: https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:25 Sep, 2020 | 17:15
Updated At:30 Sep, 2020 | 00:40

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
observium
observium
>>observium>>20.8.10631
cpe:2.3:a:observium:observium:20.8.10631:*:*:*:community:*:*:*
observium
observium
>>observium>>20.8.10631
cpe:2.3:a:observium:observium:20.8.10631:*:*:*:enterprise:*:*:*
observium
observium
>>observium>>20.8.10631
cpe:2.3:a:observium:observium:20.8.10631:*:*:*:professional:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://gist.github.com/mariuszpoplawski/015b605a9bd31f43a8080a105c4312a8
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

17495Records found
CVE-2020-25148
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:50
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25138
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 16:30
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25141
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:31
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25131
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 13:56
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25139
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 16:31
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25135
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 14:22
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25140
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.36% / 57.35%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 16:33
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25146
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.13%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:44
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-25142
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.20%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 17:33
Updated-04 Aug, 2024 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.

Action-Not Available
Vendor-observiumn/a
Product-observiumn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-45061
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.7||HIGH
EPSS-0.07% / 22.75%
||
7 Day CHG-0.07%
Published-15 Jan, 2025 | 14:59
Updated-22 Aug, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.

Action-Not Available
Vendor-observiumObservium
Product-observiumObservium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47002
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.7||HIGH
EPSS-0.09% / 27.18%
||
7 Day CHG-0.07%
Published-15 Jan, 2025 | 14:59
Updated-22 Aug, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker.

Action-Not Available
Vendor-observiumObservium
Product-observiumObservium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-47140
Matching Score-6
Assigner-Talos
ShareView Details
Matching Score-6
Assigner-Talos
CVSS Score-8.7||HIGH
EPSS-0.07% / 22.75%
||
7 Day CHG-0.03%
Published-15 Jan, 2025 | 14:59
Updated-22 Aug, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker.

Action-Not Available
Vendor-observiumObservium
Product-observiumObservium
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.60% / 80.94%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-getsymphonyn/a
Product-symphonyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-8362
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.16%
||
7 Day CHG~0.00%
Published-15 Aug, 2025 | 16:27
Updated-21 Aug, 2025 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GoogleTag Manager - Moderately critical - Cross-site scripting - SA-CONTRIB-2025-094

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting (XSS).This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0.

Action-Not Available
Vendor-googletag_manager_projectThe Drupal Association
Product-googletag_managerGoogleTag Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4455
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.85%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 18:57
Updated-07 Aug, 2024 | 00:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting vulnerabilities in Tiki 7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the path info to (1) tiki-admin_system.php, (2) tiki-pagehistory.php, (3) tiki-removepage.php, or (4) tiki-rename_page.php.

Action-Not Available
Vendor-tikin/a
Product-tikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-21434
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-10.46% / 92.93%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-20 Mar, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2350
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.35%
||
7 Day CHG~0.00%
Published-07 May, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.

Action-Not Available
Vendor-n/aAccellion (Kiteworks USA, LLC)
Product-file_transfer_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-9307
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-04 Apr, 2018 | 21:00
Updated-16 Sep, 2024 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dsmall v20180320 allows XSS via the pdr_sn parameter to public/index.php/home/predeposit/index.html.

Action-Not Available
Vendor-dsmall_projectn/a
Product-dsmalln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4170
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-23 Oct, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.

Action-Not Available
Vendor-n/aThe GNOME Project
Product-empathyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2779
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.28% / 78.74%
||
7 Day CHG~0.00%
Published-28 Jan, 2011 | 21:13
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies."

Action-Not Available
Vendor-n/aNovell
Product-groupwisen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3420
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.58%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.

Action-Not Available
Vendor-webassistn/a
Product-powerstoren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0798
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.46% / 63.35%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 02:33
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request, aka 'Skype for Business and Lync Spoofing Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-lync_serverskype_for_business_serverSkype for Business Server 2015Microsoft Lync Server 2013
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-2214
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.74%
||
7 Day CHG~0.00%
Published-08 Feb, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-agile_controller-campusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38157
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 65.10%
||
7 Day CHG~0.00%
Published-06 Aug, 2021 | 20:58
Updated-04 Aug, 2024 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-leostreamn/a
Product-connection_brokern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-5099
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.47% / 63.81%
||
7 Day CHG~0.00%
Published-05 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding.

Action-Not Available
Vendor-n/aphpMyAdminopenSUSE
Product-phpmyadminopensusen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3459
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.66%
||
7 Day CHG~0.00%
Published-17 Sep, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface in AXIGEN Mail Server before 7.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-gecadn/a
Product-axigen_mail_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1451
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-15 Jul, 2016 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-meeting_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3983
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.31%
||
7 Day CHG~0.00%
Published-24 Oct, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies.

Action-Not Available
Vendor-kent-webn/a
Product-web_forumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4616
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-06 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro module before 0.9507 for Perl allows remote attackers to inject arbitrary web script or HTML via template parameters, related to improper handling of > (greater than) and < (less than) characters.

Action-Not Available
Vendor-igor_vlasenkon/a
Product-html-template-pron/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2076
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.10% / 28.22%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 19:31
Updated-02 Aug, 2024 | 06:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Traffic Offense Management System Users.phpp cross site scripting

A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-online_traffic_offense_management_system_projectCampCodes
Product-online_traffic_offense_management_systemOnline Traffic Offense Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3424
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 53.54%
||
7 Day CHG~0.00%
Published-16 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-invisioncommunityn/a
Product-invision_power_boardn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.87%
||
7 Day CHG~0.00%
Published-22 Dec, 2011 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in libraries/display_export.lib.php in phpMyAdmin 3.4.x before 3.4.9 allow remote attackers to inject arbitrary web script or HTML via crafted URL parameters, related to the export panels in the (1) server, (2) database, and (3) table sections.

Action-Not Available
Vendor-n/aphpMyAdmin
Product-phpmyadminn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-3472
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.45%
||
7 Day CHG~0.00%
Published-20 Sep, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-filenet_p8_application_enginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4544
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.93% / 75.17%
||
7 Day CHG~0.00%
Published-01 Dec, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-prestashopn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4709
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-11.44% / 93.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-hotarun/a
Product-hotaru_cmssearch_pluginn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-5077
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.16%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netikus EventSentry before 3.2.1.44 has XSS via SNMP.

Action-Not Available
Vendor-netikusn/a
Product-eventsentryNetikus EventSentry before 3.2.1.44
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-0321
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.47% / 63.40%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 18:54
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ABAP Server and ABAP Platform (SAP Basis), versions, 7.31, 7.4, 7.5, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

Action-Not Available
Vendor-SAP SE
Product-netweaver_as_abapnetweaver_application_server_abapABAP Server and ABAP Platform (SAP Basis)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4923
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.71% / 71.34%
||
7 Day CHG~0.00%
Published-18 Feb, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.

Action-Not Available
Vendor-craig_barrattn/a
Product-backuppcn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.09% / 88.11%
||
7 Day CHG~0.00%
Published-23 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.

Action-Not Available
Vendor-boesch-itn/a
Product-simpnewsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4333
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.29%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

Action-Not Available
Vendor-scilicon/a
Product-labwikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7198
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.50% / 64.70%
||
7 Day CHG~0.00%
Published-18 Feb, 2018 | 03:00
Updated-05 Aug, 2024 | 06:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.

Action-Not Available
Vendor-octobercmsn/a
Product-octobern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-3862
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.58% / 67.77%
||
7 Day CHG~0.00%
Published-28 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

Action-Not Available
Vendor-adazingn/aWordPress.org
Product-wordpressmorning_coffeen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4624
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-5.99% / 90.32%
||
7 Day CHG~0.00%
Published-01 Oct, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

Action-Not Available
Vendor-codeasilyn/a
Product-grand_flagalleryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2142
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 28.25%
||
7 Day CHG+0.01%
Published-26 Nov, 2024 | 11:24
Updated-27 Nov, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nunjucks autoescape bypass leads to cross site scripting

In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character.

Action-Not Available
Vendor-Mozilla Corporation
Product-Nunjucksnunjucks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4341
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.79% / 81.95%
||
7 Day CHG~0.00%
Published-12 Feb, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-symphony-cmsn/a
Product-symphony_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4754
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by smb/app/available/id/apscatalog/ and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-4193
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.43%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the overlay files tab in SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to cloning.

Action-Not Available
Vendor-n/aSUSE
Product-studio_extension_for_system_zstudio_onsiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38352
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.58%
||
7 Day CHG~0.00%
Published-10 Sep, 2021 | 13:33
Updated-02 May, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Feedify – Web Push Notifications <= 2.1.8 Reflected Cross-Site Scripting

The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.

Action-Not Available
Vendor-feedifyFeedify – Web Push Notifications
Product-web_push_notificationsFeedify – Web Push Notifications
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-9857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.42%
||
7 Day CHG~0.00%
Published-09 Apr, 2018 | 07:00
Updated-05 Aug, 2024 | 07:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).

Action-Not Available
Vendor-match_clone_script_projectn/a
Product-match_clone_scriptn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27680
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 33.72%
||
7 Day CHG~0.00%
Published-04 Mar, 2024 | 00:00
Updated-26 Mar, 2025 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."

Action-Not Available
Vendor-flusityn/aflusity
Product-flusityn/aflusity
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 349
  • 350
  • Next
Details not found