Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-46677

Summary
Assigner-ARTICA
Assigner Org ID-63375d6c-d89a-45ed-8ecc-c8c361b0e04c
Published At-05 Aug, 2022 | 15:26
Updated At-17 Sep, 2024 | 03:08
Rejected At-
Credits

Vulnerability XSS in Event filter name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ARTICA
Assigner Org ID:63375d6c-d89a-45ed-8ecc-c8c361b0e04c
Published At:05 Aug, 2022 | 15:26
Updated At:17 Sep, 2024 | 03:08
Rejected At:
▼CVE Numbering Authority (CNA)
Vulnerability XSS in Event filter name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.

Affected Products
Vendor
Pandora FMS S.L.U.Artica PFMS
Product
Pandora FMS
Platforms
  • all
Versions
Affected
  • From v756 through v756 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79 Cross-site Scripting (XSS)
Type: CWE
CWE ID: CWE-79
Description: CWE-79 Cross-site Scripting (XSS)
Metrics
VersionBase scoreBase severityVector
3.14.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This vulnerability has been solved in the 757 version of Pandora FMS.

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
x_refsource_CONFIRM
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
x_refsource_CONFIRM
Hyperlink: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
x_refsource_CONFIRM
x_transferred
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
x_refsource_CONFIRM
x_transferred
Hyperlink: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@pandorafms.com
Published At:05 Aug, 2022 | 16:15
Updated At:07 Aug, 2022 | 03:16

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Secondary3.14.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
CPE Matches

Pandora FMS S.L.U.
pandorafms
>>pandora_fms>>Versions before 757(exclusive)
cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE-79Secondarysecurity@pandorafms.com
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-79
Type: Secondary
Source: security@pandorafms.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/security@pandorafms.com
Vendor Advisory
https://www.incibe.es/en/cve-assignment-publication/coordinated-cvessecurity@pandorafms.com
Third Party Advisory
Hyperlink: https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Source: security@pandorafms.com
Resource:
Vendor Advisory
Hyperlink: https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Source: security@pandorafms.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

9007Records found

CVE-2023-24514
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 52.72%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 13:02
Updated-27 Sep, 2024 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross Site Scripting Vulnerability in Visual Console Module

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47373
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.4||MEDIUM
EPSS-0.25% / 47.86%
||
7 Day CHG+0.02%
Published-15 Feb, 2023 | 00:00
Updated-04 Apr, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross Site Scripting in Search Functionality of Module Library

Reflected Cross Site Scripting in Search Functionality of Module Library in Pandora FMS Console v766 and lower. This vulnerability arises on the forget password functionality in which parameter username does not proper input validation/sanitization thus results in executing malicious JavaScript payload.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-0828
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.7||MEDIUM
EPSS-0.26% / 48.89%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 10:44
Updated-23 Sep, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross Site Scripting in syslog section

Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMSpandora_fms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46679
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-4||MEDIUM
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:25
Updated-16 Sep, 2024 | 23:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability XSS in service elements

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46681
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-4||MEDIUM
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:25
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability XSS in module mass operation name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44089
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.02%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:50
Updated-17 Sep, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in Visual Console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41814
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-3.7||LOW
EPSS-0.69% / 70.84%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:45
Updated-02 Aug, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS Vulnerability Messages

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41815
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-7.5||HIGH
EPSS-0.14% / 33.91%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:46
Updated-02 Aug, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in File manager

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-41813
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-3||LOW
EPSS-0.51% / 65.52%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:42
Updated-02 Aug, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User notification settings edition

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46680
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-4||MEDIUM
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:26
Updated-16 Sep, 2024 | 23:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability XSS in module form name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46676
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-4||MEDIUM
EPSS-0.29% / 52.38%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:25
Updated-16 Sep, 2024 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability XSS in Transaction Map name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46678
Matching Score-10
Assigner-Pandora FMS
ShareView Details
Matching Score-10
Assigner-Pandora FMS
CVSS Score-4||MEDIUM
EPSS-0.41% / 60.24%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:26
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vulnerability XSS in service form name field

A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-47372
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.6||HIGH
EPSS-0.19% / 41.17%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored cross-site scripting vulnerability in create event section

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45436
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.1||MEDIUM
EPSS-0.83% / 73.64%
||
7 Day CHG+0.07%
Published-15 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored cross-site scripting vulnerability in network maps editor feature

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all platforms, allows Cross-Site Scripting (XSS). As a manager privilege user , create a network map containing name as xss payload. Once created, admin user must click on the edit network maps and XSS payload will be executed, which could be used for stealing admin users cookie value.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-45437
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.63%
||
7 Day CHG+0.03%
Published-15 Feb, 2023 | 00:00
Updated-18 Mar, 2025 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored cross-site scripting vulnerability in the reporting dashboard module

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Artica PFMS Pandora FMS v765 on all allows Cross-Site Scripting (XSS). A user with edition privileges can create a Payload in the reporting dashboard module. An admin user can observe the Payload without interaction and attacker can get information.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-43980
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.2||MEDIUM
EPSS-0.20% / 41.77%
||
7 Day CHG~0.00%
Published-27 Jan, 2023 | 00:00
Updated-27 Mar, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site scripting vulnerability in the network maps edit functionality

There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an atacker to steal the value of the admin user´s cookie.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-35501
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 58.34%
||
7 Day CHG~0.00%
Published-25 Jun, 2021 | 15:05
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8629
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.48%
||
7 Day CHG~0.00%
Published-19 Nov, 2014 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Page visualization agents in Pandora FMS 5.1 SP1 and earlier allows remote attackers to inject arbitrary web script or HTML via the refr parameter to index.php.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_flexible_monitoring_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-11749
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-4.86% / 89.14%
||
7 Day CHG~0.00%
Published-13 Jul, 2020 | 14:11
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-13853
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.29% / 52.04%
||
7 Day CHG~0.00%
Published-11 Jun, 2020 | 02:14
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Artica Pandora FMS 7.44 has persistent XSS in the Messages feature.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19968
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 53.50%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 14:14
Updated-05 Aug, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting the Agent Management, Report Builder, and Graph Builder components. An authenticated user can inject dangerous content into a data store that is later read and included in dynamic content.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-pandora_fmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-24516
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-5.9||MEDIUM
EPSS-0.40% / 59.68%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 13:03
Updated-06 Sep, 2024 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross Site Scripting - Special Days Module

Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2059
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-3.5||LOW
EPSS-0.62% / 69.02%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 17:48
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross Site-Scripting in Agent Manager

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2032
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-6
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-3.5||LOW
EPSS-0.62% / 69.02%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 17:47
Updated-16 Sep, 2024 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross Site-Scripting in File Manager

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11223
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.42% / 61.26%
||
7 Day CHG~0.00%
Published-15 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSS in Artica Pandora FMS before 7.0 NG 723 allows an attacker to execute arbitrary code via a crafted "refr" parameter in a "/pandora_console/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=" call.

Action-Not Available
Vendor-n/aPandora FMS S.L.U.
Product-artica_pandora_fmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.01% / 0.53%
||
7 Day CHG~0.00%
Published-25 Feb, 2022 | 14:35
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains TeamCity before 2021.2.1 was vulnerable to reflected XSS.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-teamcityn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-30210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-9.25% / 92.41%
||
7 Day CHG~0.00%
Published-26 Apr, 2023 | 00:00
Updated-03 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.

Action-Not Available
Vendor-ourphpn/a
Product-ourphpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-40336
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 26.86%
||
7 Day CHG~0.00%
Published-10 Jul, 2024 | 00:00
Updated-15 Apr, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'

Action-Not Available
Vendor-idccmsn/aidccms_project
Product-idccmsn/aidccms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-23458
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 32.28%
||
7 Day CHG~0.00%
Published-22 Sep, 2022 | 22:05
Updated-22 Apr, 2025 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Toast UI Grid vulnerable to Cross-site scripting

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds.

Action-Not Available
Vendor-nhnnhn
Product-toast_ui_gridtui.grid
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 41.03%
||
7 Day CHG~0.00%
Published-31 Aug, 2020 | 15:29
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.

Action-Not Available
Vendor-chamber_dashboard_business_directory_projectn/a
Product-chamber_dashboard_business_directoryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-41785
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 35.97%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 14:43
Updated-18 Jul, 2025 | 13:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Concert cross-site scripting

IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Action-Not Available
Vendor-IBM Corporation
Product-concertConcert Software
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3901
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:09
Updated-05 Jun, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Genesis Blocks <= 3.1.3 - Contributor+ Stored XSS

The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts (like those with the contributor role) to conduct Stored XSS attacks.

Action-Not Available
Vendor-wpengineUnknown
Product-genesis_blocksGenesis Blocks
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-24397
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.52% / 65.89%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 16:47
Updated-03 Aug, 2024 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.

Action-Not Available
Vendor-SAP SE
Product-netweaver_enterprise_portalSAP NetWeaver Enterprise Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-42787
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 00:00
Updated-06 May, 2025 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields.

Action-Not Available
Vendor-lopalopan/aKashipara Group
Product-music_management_systemn/amusic_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.39%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 12:13
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter.

Action-Not Available
Vendor-quotes_collection_projectn/a
Product-quotes_collectionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38859
Matching Score-4
Assigner-Checkmk GmbH
ShareView Details
Matching Score-4
Assigner-Checkmk GmbH
CVSS Score-4.8||MEDIUM
EPSS-0.10% / 28.05%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 14:15
Updated-03 Dec, 2024 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in view page with SLA column

XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2.0p33, 2.1.0p47 and 2.0.0 (EOL) allowed malicious users to execute arbitrary scripts by injecting HTML elements into the SLA column title. These scripts could be executed when the view page was cloned by other users.

Action-Not Available
Vendor-Checkmk GmbH
Product-checkmkCheckmk
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23327
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.07% / 22.64%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 00:00
Updated-18 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.

Action-Not Available
Vendor-zblogcnn/a
Product-zblogphpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1069
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.15%
||
7 Day CHG~0.00%
Published-05 Feb, 2020 | 20:45
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHPShop through 0.8.1 has XSS.

Action-Not Available
Vendor-phpshopPHPShop
Product-phpshopPHPShop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-23637
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 42.96%
||
7 Day CHG~0.00%
Published-14 Feb, 2022 | 20:45
Updated-23 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site-Scripting (XSS) in Markdown Editor

K-Box is a web-based application to manage documents, images, videos and geodata. Prior to version 0.33.1, a stored Cross-Site-Scripting (XSS) vulnerability is present in the markdown editor used by the document abstract and markdown file preview. A specifically crafted anchor link can, if clicked, execute untrusted javascript actions, like retrieving user cookies. Version 0.33.1 includes a patch that allows discarding unsafe links.

Action-Not Available
Vendor-k-linkk-box
Product-k-boxk-box
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-24085
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.15%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 20:20
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsController.php at SetHomePage() function. Due to a lack of controller validation in "path" parameter, an attacker can execute malicious JavaScript code.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.76%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:28
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer.

Action-Not Available
Vendor-leenkn/a
Product-leenk.men/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1086
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 21:06
Updated-06 Aug, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.

Action-Not Available
Vendor-openfilerOpenfiler
Product-openfilerOpenfiler
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38959
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.79% / 72.92%
||
7 Day CHG~0.00%
Published-09 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter.

Action-Not Available
Vendor-n/aCreativeitem
Product-n/aacademy_lms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18379
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 68.83%
||
7 Day CHG~0.00%
Published-07 Oct, 2019 | 11:28
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.08% / 24.96%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 11:26
Updated-10 Jan, 2025 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS)

Unauth.  Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.

Action-Not Available
Vendor-albo_pretorio_on_line_projectIgnazio Scimone
Product-albo_pretorio_on_lineAlbo Pretorio On line
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-39631
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.13% / 32.81%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 22:27
Updated-11 Sep, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contest Gallery plugin <= 23.1.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 23.1.2.

Action-Not Available
Vendor-contest-galleryContest Gallerycontest_gallery
Product-contest_galleryContest Gallerycontest_gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29439
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-67.22% / 98.50%
||
7 Day CHG~0.00%
Published-16 May, 2023 | 14:11
Updated-09 Jan, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.

Action-Not Available
Vendor-foopluginsFooPlugins
Product-foogalleryFooGallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-2404
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 37.55%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 12:35
Updated-21 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Popup Builder < 1.2.9 - Reflected Cross-Site Scripting

The WP Popup Builder WordPress plugin before 1.2.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-themehunkUnknown
Product-wp_popup_builderWP Popup Builder – Popup Forms , Marketing PoPuP & Newsletter
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29720
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 26.67%
||
7 Day CHG~0.00%
Published-18 May, 2023 | 00:00
Updated-21 Jan, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.

Action-Not Available
Vendor-sofawiki_projectn/a
Product-sofawikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-23774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.92%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 21:02
Updated-04 Aug, 2024 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.

Action-Not Available
Vendor-winmail_projectn/a
Product-winmailn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 180
  • 181
  • Next
Details not found