CWE:
 

Topic
Date
Author
Low
OX App Suite Frontend 7.10.6-rev44 Cross Site Scripting
26.08.2024
Martin Heiland
Med.
OX App Suite 7.10.6 Cross Site Scripting / SSRF / Resource Consumption
01.12.2022
Martin Heiland
Med.
OX App Suite Cross Site Scripting / Command Injection
02.09.2022
Martin Heiland
Med.
OX App Suite 7.10.5 Cross Site Scripting
22.03.2022
Martin Heiland
Med.
OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting
30.04.2021
Martin Heiland
High
OX App Suite / OX Documents 7.10.3 XSS / Server-Side Request Forgery
19.10.2020
Martin Heiland
Low
OX App Suite 7.10.2 Cross Site Scripting / Improper Access Control
05.01.2020
Martin Heiland
Low
Open-Xchange OX Guard Cross Site Scripting / Signature Validation
17.08.2019
Hanno Boeck
Med.
Ox App Suite 7.8.4 / 7.8.3 XSS / CSRF / Information Disclosure
08.01.2019
Secator
Low
Base Soundtouch 18.1.4 Cross Site Scripting
08.01.2019
Tim Schughart
Med.
OX App Suite 7.8.4 XSS / Privilege Management / SSRF / Traversal
12.06.2018
Martin Heiland
Low
Open-Xchange App Suite 7.8.1 Cross Site Scripting
14.07.2016
Sasi Levi
Low
Open-Xchange Server 6 / OX AppSuite Cross Site Scripting
28.04.2015
Martin Heiland
Low
Open-Xchange Server 6 / OX AppSuite 7.6.1 Cross Site Scripting
06.01.2015
John de Kroon
Med.
Open-Xchange 7.6.0 XSS / SSRF / Traversal
16.09.2014
Martin Heiland
Low
Open-Xchange AppSuite 7.4.1 / 7.4.2 Cross Site Scripting
18.03.2014
Open-Xchange
Low
Open-Xchange 7.4.1 Script Insertion
12.02.2014
joernchen
Low
Open-Xchange AppSuite Script Insertion
07.11.2013
Martin Braun

CVEMAP Search Results

CVE
Details
Description
2024-10-20
Waiting for details
CVE-2024-44061
Updating...
 
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS).This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14.

 
2024-10-16
Waiting for details
CVE-2023-32192
Updating...
 
 
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser

 
Waiting for details
CVE-2023-32193
Updating...
 
 
A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely.

 
2024-10-04
Waiting for details
CVE-2024-38039
Updating...
 
 
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim�??s browser (no stateful change made or customer data rendered).

 
2024-09-26
Waiting for details
CVE-2024-8872
Updating...
 
 
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.3.20. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

 
2024-09-21
Waiting for details
CVE-2024-8680
Updating...
 
 
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

 
2024-09-12
Waiting for details
CVE-2024-2010
Updating...
 
 
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS.This issue affects V5: before 6.2.

 
2024-08-25
Waiting for details
CVE-2024-8145
Updating...
 
 
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by this issue is some unknown functionality of the file /index.php/admin of the component Article Handler. The manipulation of the argument Title leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

 
2024-07-30
Waiting for details
CVE-2024-41693
Updating...
 
 
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

 
2024-07-22
Waiting for details
CVE-2024-32484
Updating...
 
 
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.

 

 

Copyright 2025, cxsecurity.com

 

Back to Top