Search Results (47209 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-10228 1 Limesurvey 1 Limesurvey 2026-07-05 6.1 Medium
Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI.
CVE-2026-50767 1 Koha 1 Library Management System 2026-07-05 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the item type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the item type check-in message field (checkinmsg).
CVE-2026-50766 1 Koha 1 Koha 2026-07-05 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).
CVE-2026-50765 1 Koha 1 Library Management System 2026-07-05 6.1 Medium
A stored cross-site scripting (XSS) vulnerability in the patron restriction type administration page of Koha Library Management System 0 through 25.11 versions allow an authenticated remote attacker with administrator privileges to inject arbitrary web scripts via the restriction type label (display_text field).
CVE-2021-25679 1 Adtran 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager 2026-07-05 5.4 Medium
The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
CVE-2023-26998 1 Netscout 1 Ngeniusone 2026-07-05 5.4 Medium
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
CVE-2023-41013 1 Icewarp 1 Icewarp 2026-07-05 6.1 Medium
Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVE-2023-37728 1 Icewarp 1 Icewarp 2026-07-05 6.1 Medium
IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.
CVE-2023-22985 1 Simple Guestbook Management System Project 1 Simple Guestbook Management System 2026-07-05 6.1 Medium
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.
CVE-2022-31358 1 Proxmox 1 Virtual Environment 2026-07-05 9 Critical
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
CVE-2021-26787 1 Genesys 1 Workforce Management 2026-07-05 6.1 Medium
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.
CVE-2020-22987 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-05 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
CVE-2021-25680 1 Adtran 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager 2026-07-05 6.1 Medium
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
CVE-2020-22986 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
CVE-2020-24912 1 Qcubed 1 Qcubed 2026-07-04 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2021-31674 1 Cyclos 1 Cyclos 2026-07-04 6.1 Medium
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
CVE-2020-22984 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
CVE-2021-46355 1 Factorfx 1 Ocs Inventory 2026-07-04 5.4 Medium
OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).
CVE-2021-36450 1 Verint 1 Workforce Optimization 2026-07-04 6.1 Medium
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVE-2020-22985 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.