Weaknesses of type CWE-84
18 resultsCVE-2020-7011—Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If theEPSS 1.0%CVE-2022-40181—A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), DEPSS 0.8%CVE-2021-3824—OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.EPSS 0.7%CVE-2025-58444HIGHMCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP ServerEPSS 0.6%CVE-2023-25571MEDIUMBackstage has XSS Vulnerability in Software CatalogEPSS 0.5%CVE-2023-30959MEDIUMStored XSS via javascript URI in Apollo Change Requests commentEPSS 0.3%CVE-2024-45045MEDIUMJavaScript Injection via url encoded values in links in Collabora Office AndroidEPSS 0.3%CVE-2025-30203MEDIUMTuleap allows XSS via the content of RSS feeds in the RSS widgetsEPSS 0.3%CVE-2025-25329MEDIUMAn issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user informatiEPSS 0.2%CVE-2025-25334MEDIUMAn issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted linEPSS 0.2%CVE-2025-25330MEDIUMAn issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link.EPSS 0.2%CVE-2025-25325MEDIUMAn issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via EPSS 0.2%CVE-2025-25326MEDIUMAn issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user inEPSS 0.2%CVE-2025-25323MEDIUMAn issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user informatiEPSS 0.2%CVE-2025-25331MEDIUMAn issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link.EPSS 0.2%CVE-2025-25324MEDIUMAn issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a cEPSS 0.2%CVE-2024-52890MEDIUMIBM Engineering Lifecycle Optimization - Publishing cross-site scriptingEPSS 0.2%CVE-2024-42184LOWHCL BigFix Patch Download Plug-ins are affected by insecure support for file URI schemeEPSS 0.1%