Search Results (47217 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-25680 1 Adtran 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager 2026-07-05 6.1 Medium
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
CVE-2020-22986 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
CVE-2020-24912 1 Qcubed 1 Qcubed 2026-07-04 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2021-31674 1 Cyclos 1 Cyclos 2026-07-04 6.1 Medium
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant.
CVE-2020-22984 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
CVE-2021-46355 1 Factorfx 1 Ocs Inventory 2026-07-04 5.4 Medium
OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).
CVE-2021-36450 1 Verint 1 Workforce Optimization 2026-07-04 6.1 Medium
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
CVE-2020-22985 1 Microstrategy 1 Microstrategy Web Sdk 2026-07-04 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
CVE-2020-27509 1 Galaxkey 1 Galaxkey 2026-07-04 5.4 Medium
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox.
CVE-2022-25521 1 Nuuo 1 Network Video Recorder Firmware 2026-07-04 9.8 Critical
NUUO v03.11.00 was discovered to contain access control issue.
CVE-2023-25309 1 Fetlife 1 Rollout-ui 2026-07-04 6.1 Medium
Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality.
CVE-2026-57678 2 Themepunch, Wordpress 2 Slider Revolution, Wordpress 2026-07-03 7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePunch Slider Revolution allows Reflected XSS. This issue affects Slider Revolution: from 7.0.0 through 7.0.16.
CVE-2026-57361 2 Ays-pro, Wordpress 2 Survey Maker, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Survey Maker <= 5.2.2.5 versions.
CVE-2026-57682 2 Quantumcloud, Wordpress 2 Simple Link Directory, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Simple Link Directory <= 15.0.5 versions.
CVE-2026-57674 2 Arraytics, Wordpress 2 Timetics, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Timetics <= 1.0.58 versions.
CVE-2026-57625 2026-07-02 9.6 Critical
Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.
CVE-2026-57362 2 Quantumcloud, Wordpress 2 Chatbot, Wordpress 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in ChatBot <= 8.3.2 versions.
CVE-2026-57356 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in MC Woocommerce Wishlist <= 1.9.19 versions.
CVE-2026-57343 2026-07-02 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Real Estate 7 <= 3.5.9 versions.
CVE-2026-13252 2 Themeisle, Wordpress 2 Rss Aggregator By Feedzy – Feed To Post, Autoblogging, News & Youtube Video Feeds Aggregator, Wordpress 2026-07-02 6.4 Medium
The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'aspectRatio' Attribute in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.