CWE-79 vulnerabilities
26,052 results

CVE-2022-29455 | MEDIUM | WordPress Elementor plugin <= 3.5.5 - Unauthenticated DOM-based Reflected Cross-Site Scripting (XSS) vulnerability | EPSS 23.2%
CVE-2020-8191 | — | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and | EPSS 22.9%
CVE-2024-43365 | MEDIUM | Stored Cross-site Scripting (XSS) when creating external links in Cacti | EPSS 22.5%
CVE-2021-22874 | — | Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in userlog-index.php via the `period_preset` parameter. | EPSS 22.1%
CVE-2021-22875 | — | Revive Adserver before 5.1.1 is vulnerable to a reflected XSS vulnerability in stats.php via the `setPerPage` parameter. | EPSS 22.1%
CVE-2024-27781 | MEDIUM | An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through | EPSS 22.0%
CVE-2024-3378 | MEDIUM | iboss Secure Web Gateway Login Portal login cross site scripting | EPSS 22.0%
CVE-2025-46618 | LOW | In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab | EPSS 22.0%
CVE-2024-39123 | MEDIUM | In janeczku Calibre-Web 0.6.0 to 0.6.21, the edit_book_comments function is vulnerable to Cross Site Scripting (XSS) due to improper sanitiz | EPSS 21.5%
CVE-2024-27162 | MEDIUM | DOM-based XSS | EPSS 21.2%
CVE-2024-44309 | MEDIUM | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, | EPSS 21.0% | KEV
CVE-2021-22888 | — | Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attack | EPSS 19.8%
CVE-2024-50339 | CRITICAL | GLPI vulnerable to unauthenticated session hijacking | EPSS 19.8%
CVE-2025-68461 | HIGH | Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG d | EPSS 19.8% | KEV
CVE-2023-4372 | MEDIUM | LiteSpeed Cache <= 5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | EPSS 19.7%
CVE-2024-27443 | MEDIUM | An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite | EPSS 19.5% | KEV
CVE-2024-1676 | CRITICAL | Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a craf | EPSS 18.6%
CVE-2021-24275 | — | Popup by Supsystic < 1.10.5 - Reflected Cross-Site scripting (XSS) | EPSS 18.2%
CVE-2024-28739 | CRITICAL | An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a crafted script to the format parameter. | EPSS 17.7%
CVE-2018-19943 | HIGH | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these is | EPSS 17.7% | KEV