| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. |
| OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. |
| HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. |
| There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. |
| There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. |
| PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. |
| There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. |
| A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. |
| A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands. |
| Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. |
| IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Yoast Yoast SEO allows Stored XSS.This issue affects Yoast SEO: from n/a through 21.0.
|
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions. |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions. |
