Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47646

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-08 Jul, 2026 | 23:24
Updated At-15 Jul, 2026 | 20:10
Rejected At-
Credits

Dynamics 365 Customer Voice Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:08 Jul, 2026 | 23:24
Updated At:15 Jul, 2026 | 20:10
Rejected At:
▼CVE Numbering Authority (CNA)
Dynamics 365 Customer Voice Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Dynamics 365 Customer Voice
Versions
Affected
  • -
Problem Types
TypeCWE IDDescription
CWECWE-79CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Type: CWE
CWE ID: CWE-79
Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Metrics
VersionBase scoreBase severityVector
3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47646
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47646
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:09 Jul, 2026 | 00:17
Updated At:09 Jul, 2026 | 19:17

Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.3CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Microsoft Corporation
microsoft
>>dynamics_365_customer_voice>>-
cpe:2.3:a:microsoft:dynamics_365_customer_voice:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Secondarysecure@microsoft.com
CWE ID: CWE-79
Type: Secondary
Source: secure@microsoft.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47646secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47646
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

11334Records found

CVE-2024-38108
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-1.14% / 63.00%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:29
Updated-10 Jul, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Stack Hub Spoofing Vulnerability

Azure Stack Hub Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_stack_hubAzure Stack Hub
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-3841
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.6||HIGH
EPSS-0.66% / 47.29%
||
7 Day CHG~0.00%
Published-17 Apr, 2024 | 07:46
Updated-13 Feb, 2025 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectMicrosoft CorporationGoogle LLC
Product-chromewindowsfedoraChromechrome
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38166
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.75% / 50.83%
||
7 Day CHG+0.04%
Published-06 Aug, 2024 | 21:38
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 Cross-site Scripting Vulnerability

An unauthenticated attacker can exploit improper neutralization of input during web page generation in Microsoft Dynamics 365 to spoof over a network by tricking a user to click on a link.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_crm_service_portal_web_resourceDynamics CRM Service Portal Web Resource
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38208
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 31.28%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 23:04
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-androidedgeMicrosoft Edge for Android
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-38156
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.41% / 33.52%
||
7 Day CHG~0.00%
Published-18 Jul, 2024 | 23:03
Updated-09 Dec, 2025 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge (Chromium-based)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-37304
Matching Score-10
Assigner-GitHub, Inc.
ShareView Details
Matching Score-10
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.66% / 47.31%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 14:27
Updated-04 Sep, 2025 | 19:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NuGetGallery's Markdown Autolinks Processing Vulnerable to Cross-site Scripting

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue.

Action-Not Available
Vendor-NuGetMicrosoft Corporation
Product-nugetgalleryNuGetGallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-38709
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 34.98%
||
7 Day CHG+0.01%
Published-06 Oct, 2022 | 17:15
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 for Cloud Pak is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 234291.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-34691
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.24% / 15.46%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:13
Updated-11 Jun, 2026 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field, potentially gaining elevated access or control over the victim's account or session. Scope is changed.

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMicrosoft CorporationApple Inc.Adobe Inc.
Product-experience_managerwindowslinux_kerneliphone_osandroidmacosAdobe Experience Manager Forms JEE
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-34614
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 8.43%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:33
Updated-22 Apr, 2026 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsconnectconnect_desktop_applicationmacosAdobe Connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-32207
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.78%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 20:58
Updated-19 Jun, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Machine Learning Notebook Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_machine_learningAzure Machine Learning
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22477
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.59% / 44.45%
||
7 Day CHG~0.00%
Published-14 Jul, 2022 | 16:25
Updated-16 Sep, 2024 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kernelwebsphere_application_serverihp-uxwindowsz\/osaixWebSphere Application Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34330
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 31.49%
||
7 Day CHG~0.00%
Published-04 Jan, 2023 | 17:07
Updated-10 Apr, 2025 | 13:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Sterling B2B Integrator cross-site scripting

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229469.

Action-Not Available
Vendor-Linux Kernel Organization, IncIBM CorporationMicrosoft Corporation
Product-sterling_b2b_integratoraixwindowslinux_kernelSterling B2B Integrator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-33113
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.52% / 40.80%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 17:05
Updated-15 Jul, 2026 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-32196
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 21.21%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Admin Center Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_admin_centerWindows Admin Center
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25709
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 36.58%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 17:55
Updated-13 Feb, 2026 | 19:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Self-XSS style in move item dialog

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a remote, authenticated attacker to create a crafted link that can be saved as a new location when moving an existing item, which could potentially execute arbitrary JavaScript code in a victim’s browser. Exploitation does not require any privileges and can be performed by an anonymous user.

Action-Not Available
Vendor-Linux Kernel Organization, IncMicrosoft CorporationEnvironmental Systems Research Institute, Inc. ("Esri")
Product-portal_for_arcgislinux_kernelwindowsPortal for ArcGIS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-25698
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 34.48%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 17:54
Updated-10 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS in Portal for ArcGIS

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

Action-Not Available
Vendor-Linux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")Microsoft Corporation
Product-linux_kernelportal_for_arcgiswindowsPortal for ArcGISportal_for_arcgis
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1482
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.3||MEDIUM
EPSS-1.99% / 78.43%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-23 Feb, 2026 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office SharePoint XSS Vulnerability

<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_enterprise_serversharepoint_foundationsharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Foundation 2010 Service Pack 2
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-26105
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.26% / 66.36%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-19 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27246
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.30% / 22.41%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:33
Updated-28 Apr, 2026 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsconnectconnect_desktop_applicationmacosAdobe Connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30991
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 40.98%
||
7 Day CHG+0.01%
Published-18 May, 2022 | 19:43
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HTML injection via report name

HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27243
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.30% / 22.41%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:33
Updated-28 Apr, 2026 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsconnectconnect_desktop_applicationmacosAdobe Connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-27245
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-9.3||CRITICAL
EPSS-0.30% / 22.41%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:33
Updated-28 Apr, 2026 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsconnectconnect_desktop_applicationmacosAdobe Connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1883
Matching Score-10
Assigner-PaperCut Software Pty Ltd
ShareView Details
Matching Score-10
Assigner-PaperCut Software Pty Ltd
CVSS Score-6.3||MEDIUM
EPSS-61.47% / 99.07%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 03:09
Updated-23 Jan, 2025 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS in PaperCut NG/MF

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationPaperCut Software Pty LtdLinux Kernel Organization, Inc
Product-papercut_mfmacoswindowslinux_kernelpapercut_ngPaperCut NG, PaperCut MF
CWE ID-CWE-76
Improper Neutralization of Equivalent Special Elements
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1442
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.73% / 75.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serveroffice_web_appsMicrosoft Office Web AppsMicrosoft Office Online Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1327
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.82% / 76.33%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:44
Updated-04 Aug, 2024 | 06:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devops_serverAzure DevOps ServerAzure DevOps Server 2019 Update 1.1Azure DevOps Server 2019
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-21331
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 13.17%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 17:33
Updated-22 Apr, 2026 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)

Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-windowsconnectconnect_desktop_applicationmacosAdobe Connect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-21264
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.37% / 29.28%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 22:47
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Account Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-accountMicrosoft Account
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0310
Matching Score-10
Assigner-Trellix
ShareView Details
Matching Score-10
Assigner-Trellix
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 34.27%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 10:43
Updated-03 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.

Action-Not Available
Vendor-Microsoft CorporationMusarubra US LLC (Trellix)
Product-windowsendpoint_security_web_controlTrellix Endpoint Security (ENS) Web Controlendpoint_security
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11186
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 5.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-06 Jun, 2026 | 01:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11273
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 5.45%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:06
Updated-08 Jun, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-12459
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 7.80%
||
7 Day CHG~0.00%
Published-17 Jun, 2026 | 01:38
Updated-17 Jun, 2026 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncGoogle LLCMicrosoft CorporationApple Inc.
Product-macoslinux_kernelchromewindowsChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-11150
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-10
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.1||MEDIUM
EPSS-0.16% / 5.47%
||
7 Day CHG~0.00%
Published-04 Jun, 2026 | 23:05
Updated-08 Jun, 2026 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncApple Inc.Google LLC
Product-linux_kernelwindowsmacoschromeChrome
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18654
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 54.15%
||
7 Day CHG~0.00%
Published-01 Nov, 2019 | 18:25
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name.

Action-Not Available
Vendor-avgn/aMicrosoft Corporation
Product-anti-viruswindowsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-17070
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.94% / 57.01%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 10:51
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.

Action-Not Available
Vendor-lqdn/aMicrosoft Corporation
Product-liquid_speech_ballooninternet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4973
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-1.84% / 76.53%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 02:00
Updated-02 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Academy LMS GET Parameter filter cross site scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-CreativeitemMicrosoft Corporation
Product-academy_lmswindowsLMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-48681
Matching Score-10
Assigner-Acronis International GmbH
ShareView Details
Matching Score-10
Assigner-Acronis International GmbH
CVSS Score-1.9||LOW
EPSS-0.30% / 21.90%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 16:52
Updated-06 Feb, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Self cross-site scripting (XSS) vulnerability in storage nodes search field. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391.

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Microsoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelcyber_protectAcronis Cyber Protect 16
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4594
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-10
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 31.12%
||
7 Day CHG~0.00%
Published-23 Nov, 2023 | 12:35
Updated-21 Nov, 2024 | 19:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting in BVRP Software SLmail

Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.

Action-Not Available
Vendor-seattlelabBVRP SoftwareMicrosoft Corporation
Product-windowsslmailSLmail
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-43039
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.18% / 8.07%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 18:25
Updated-17 Aug, 2025 | 00:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM OpenPages with Watson cross-site scripting

IBM OpenPages with Watson 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session

Action-Not Available
Vendor-IBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindowsopenpages_with_watsonOpenPages with Watson
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4136
Matching Score-10
Assigner-Crafter CMS
ShareView Details
Matching Score-10
Assigner-Crafter CMS
CVSS Score-7.4||HIGH
EPSS-1.30% / 67.31%
||
7 Day CHG~0.00%
Published-03 Aug, 2023 | 13:33
Updated-13 Feb, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

Action-Not Available
Vendor-craftercmsCrafterCMSLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-windowslinux_kernelmacoscraftercmsCrafterCMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69268
Matching Score-10
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-10
Assigner-CA Technologies - A Broadcom Company
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 3.80%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 03:59
Updated-14 Jan, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectrum reflected XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncBroadcom Inc.
Product-linux_kernelwindowsdx_netops_spectrumDX NetOps Spectrum
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36416
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.81% / 52.83%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:08
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365Microsoft Dynamics 365 (on-premises) version 9.0Microsoft Dynamics 365 (on-premises) version 9.1
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-69275
Matching Score-10
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-10
Assigner-CA Technologies - A Broadcom Company
CVSS Score-7.1||HIGH
EPSS-0.12% / 2.38%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 04:47
Updated-14 Jan, 2026 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spectrum outdated java library in class-path

Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncBroadcom Inc.
Product-linux_kernelwindowsdx_netops_spectrumDX NetOps Spectrum
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-1395
Dependency on Vulnerable Third-Party Component
CVE-2025-67710
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:18
Updated-06 Jan, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS vulnerability in ArcGIS Server

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67703
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 9.17%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:13
Updated-06 Jan, 2026 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-4681
Matching Score-10
Assigner-IBM Corporation
ShareView Details
Matching Score-10
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.73% / 50.14%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 15:20
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171734.

Action-Not Available
Vendor-Oracle CorporationIBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-solarislinux_kernelwindowsaixtivoli_netcool\/impactTivoli Netcool Impact
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67708
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:17
Updated-06 Jan, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected cross-site scripting (XSS) vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67704
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:14
Updated-06 Jan, 2026 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67705
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 9.17%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:15
Updated-06 Jan, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67711
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:18
Updated-06 Jan, 2026 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected XSS vulnerability in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-67709
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-10
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.66%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 22:17
Updated-06 Jan, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
There is a cross site scripting issue in ArcGIS Server.

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncEnvironmental Systems Research Institute, Inc. ("Esri")
Product-linux_kernelwindowsarcgis_serverArcGIS Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 226
  • 227
  • Next
Details not found