CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 35491 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-30890	1 Ed01-cms Project	1 Ed01-cms	2025-04-30	4.7 Medium
Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component.
CVE-2024-31574	1 Twcms	1 Twcms	2025-04-30	5 Medium
Cross Site Scripting vulnerability in TWCMS v.2.6 allows a local attacker to execute arbitrary code via a crafted script
CVE-2024-37764	1 Machform	1 Machform	2025-04-30	5.4 Medium
MachForm up to version 19 is affected by an authenticated stored cross-site scripting.
CVE-2024-37763	1 Machform	1 Machform	2025-04-30	5.4 Medium
MachForm up to version 19 is affected by an unauthenticated stored cross-site scripting which affects users with valid sessions whom can view compiled forms results.
CVE-2025-46228	1 Avecnous	1 Event Post	2025-04-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bastien Ho Event post allows DOM-Based XSS. This issue affects Event post: from n/a through 5.9.11.
CVE-2025-46229	1 Textmetrics	1 Textmetrics	2025-04-30	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Israpil Textmetrics allows Stored XSS. This issue affects Textmetrics: from n/a through 3.6.2.
CVE-2021-25963	1 Shuup	1 Shuup	2025-04-30	6.1 Medium
In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. This vulnerability exists due to the error page contents not escaped.
CVE-2021-25964	1 Janeczku	1 Calibre-web	2025-04-30	5.4 Medium
In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.
CVE-2025-46233	1 Sirv	1 Sirv	2025-04-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sirv CDN and Image Hosting Sirv allows Stored XSS. This issue affects Sirv: from n/a through 7.5.3.
CVE-2024-52944	1 Veritas	1 Enterprise Vault	2025-04-30	5.4 Medium
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2024-52943	1 Veritas	1 Enterprise Vault	2025-04-30	5.4 Medium
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2024-52942	1 Veritas	1 Enterprise Vault	2025-04-30	5.4 Medium
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user.
CVE-2025-46235	1 Sktthemes	1 Skt Blocks	2025-04-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sonalsinha21 SKT Blocks – Gutenberg based Page Builder allows Stored XSS. This issue affects SKT Blocks – Gutenberg based Page Builder: from n/a through 2.0.
CVE-2025-46236	1 Ibericode	1 Html Forms	2025-04-30	6.5 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Software LLC HTML Forms allows Stored XSS. This issue affects HTML Forms: from n/a through 1.5.2.
CVE-2022-45401	1 Jenkins	1 Associated Files	2025-04-30	5.4 Medium
Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-44073	1 Tribalsystems	1 Zenario	2025-04-30	5.4 Medium
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via svg,Users & Contacts.
CVE-2022-44071	1 Tribalsystems	1 Zenario	2025-04-30	5.4 Medium
Zenario CMS 9.3.57186 is is vulnerable to Cross Site Scripting (XSS) via profile.
CVE-2022-44070	1 Tribalsystems	1 Zenario	2025-04-30	5.4 Medium
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via News articles.
CVE-2022-44069	1 Tribalsystems	1 Zenario	2025-04-30	5.4 Medium
Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-44002	1 Backclick	1 Backclick	2025-04-30	6.1 Medium
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations.

« first previous Page 2 of 1775. next last »